General
-
Target
DYANAMIC Inquiry.xlsx
-
Size
2.7MB
-
Sample
210408-tx6zpj5496
-
MD5
7590f977659a5cd174b0000a2530cd34
-
SHA1
969712afc83281312fbffacf8d3d4244635051c4
-
SHA256
df2d5a069d3e4a4516b14d6a64f6ec16e433cf883556ae1429d1e35c65ffe65f
-
SHA512
685f5dff7bc6742c037cb202c85a2c466d6c8ceeaf725d2e5639278ee24688697c278db7bc97bd4527ea0371f89ddd7e6c7e5271ee293333eb0ffa22c3703d03
Static task
static1
Behavioral task
behavioral1
Sample
DYANAMIC Inquiry.xlsx
Resource
win7v20201028
Behavioral task
behavioral2
Sample
DYANAMIC Inquiry.xlsx
Resource
win10v20201028
Malware Config
Extracted
xloader
2.3
http://www.adultpeace.com/p2io/
essentiallyourscandles.com
cleanxcare.com
bigplatesmallwallet.com
iotcloud.technology
dmgt4m2g8y2uh.net
malcorinmobiliaria.com
thriveglucose.com
fuhaitongxin.com
magetu.info
pyithuhluttaw.net
myfavbutik.com
xzklrhy.com
anewdistraction.com
mercuryaid.net
thesoulrevitalist.com
swayam-moj.com
liminaltechnology.com
lucytime.com
alfenas.info
carmelodesign.com
newmopeds.com
cyrilgraze.com
ruhexuangou.com
trendbold.com
centergolosinas.com
leonardocarrillo.com
advancedaccessapplications.com
aideliveryrobot.com
defenestration.world
zgcbw.net
shopihy.com
3cheer.com
untylservice.com
totally-seo.com
cmannouncements.com
tpcgzwlpyggm.mobi
hfjxhs.com
balloon-artists.com
vectoroutlines.com
boogerstv.com
procircleacademy.com
tricqr.com
hazard-protection.com
buylocalclub.info
m678.xyz
hiddenwholesale.com
ololmychartlogin.com
redudiban.com
brunoecatarina.com
69-1hn7uc.net
zmzcrossrt.xyz
dreamcashbuyers.com
yunlimall.com
jonathan-mandt.com
painhut.com
pandemisorgugirisi-tr.com
sonderbach.net
kce0728com.net
austinpavingcompany.com
biztekno.com
rodriggi.com
micheldrake.com
foxwaybrasil.com
a3i7ufz4pt3.net
Targets
-
-
Target
DYANAMIC Inquiry.xlsx
-
Size
2.7MB
-
MD5
7590f977659a5cd174b0000a2530cd34
-
SHA1
969712afc83281312fbffacf8d3d4244635051c4
-
SHA256
df2d5a069d3e4a4516b14d6a64f6ec16e433cf883556ae1429d1e35c65ffe65f
-
SHA512
685f5dff7bc6742c037cb202c85a2c466d6c8ceeaf725d2e5639278ee24688697c278db7bc97bd4527ea0371f89ddd7e6c7e5271ee293333eb0ffa22c3703d03
-
Xloader Payload
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-