General
-
Target
DXXclarationsXprXXtesXPourXvisualiser.doc
-
Size
84KB
-
Sample
210222-61apwwp4y6
-
MD5
f39a42c8cf3c23846e1ade115fb3a996
-
SHA1
05e03f3137daeb4e5d8f668c76bf84ca663af941
-
SHA256
636aa231e7d46a77ce7e31df533afa4a4fccd70beb5e71a1be8edb7e17dadb7c
-
SHA512
3d73f2854d426ed079b84117470e32f31d9551cdec02146f980949eb8529ce2f5b8585911d08630c83d4d351e2241d1555dff5ef9f5e8411f1cfc1f29518dc18
Behavioral task
behavioral1
Sample
DXXclarationsXprXXtesXPourXvisualiser.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DXXclarationsXprXXtesXPourXvisualiser.doc
Resource
win10v20201028
Malware Config
Extracted
Targets
-
Target
DXXclarationsXprXXtesXPourXvisualiser.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-