General

Target: technical sheet.doc
Size: 295KB
Sample: 210420-sl7282hvz6
MD5: 3ae5587b15fa3a7391837bff4d7f0ff0
SHA1: 1d608a470e2bf351df55b080e87d62ed918b2c8f
SHA256: b2b9f945e823de8e2cb68ff9b4834d1c3e179756b5a3775f4986b849bc79d914
SHA512: 7f9e83e741f815652e2262fa44900b9c51e20dc81d22145c53d601006cda9eb5d579837e533b43ff339180d2de3266fc254683f607ed73f9ac1e8ef127043271
Static task: static1

Behavioral task: behavioral1
Sample: technical sheet.doc
Resource: win7v20210408

Behavioral task: behavioral2
Sample: technical sheet.doc
Resource: win10v20210410
Malware Config

Extracted URL: httP://brownfilleds.duckdns.org/zeddd.exe (scheme spelled as extracted)
Extracted family: remcos
C2:
  fieldsdegreenf.duckdns.org:6553
  aaeeerbbbeee.duckdns.org:6553
Targets

Target: technical sheet.doc
Score: 10/10

Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (autostart persistence)
- Suspicious use of SetThreadContext (commonly used for code injection and process hollowing)
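The signatures and extracted configuration above translate directly into host and network detections. The following is an added example, not part of the sandbox report or any vendor tooling: a Python sweep that applies the page's own indicators (the sample hashes, the payload URL, the two Remcos C2 endpoints) and the behavioural signatures (an Office parent spawning an unexpected child, a Run key being written) to constructed telemetry lines. The key="value" event shape, the Office parent list and the benign-child allowlist are assumptions for illustration; RunOnce matching is a generalisation beyond what the report states.

```python
"""Sweep constructed endpoint telemetry for the indicators and behaviours in the report above."""
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit, urlunsplit

# Indicators copied from the sandbox report on this page.
SAMPLE_HASHES = {
    "3ae5587b15fa3a7391837bff4d7f0ff0",                                   # MD5
    "1d608a470e2bf351df55b080e87d62ed918b2c8f",                           # SHA1
    "b2b9f945e823de8e2cb68ff9b4834d1c3e179756b5a3775f4986b849bc79d914",   # SHA256
}
PAYLOAD_URL = "httP://brownfilleds.duckdns.org/zeddd.exe"  # scheme spelled as extracted
C2_ENDPOINTS = {
    ("fieldsdegreenf.duckdns.org", 6553),
    ("aaeeerbbbeee.duckdns.org", 6553),
}

# Environment assumptions (hypothetical; tune to your fleet): Office hosts whose
# children deserve scrutiny, and the children they are expected to spawn.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
BENIGN_OFFICE_CHILDREN = {"splwow64.exe", "werfault.exe"}
# Run and RunOnce autostart keys (RunOnce is a generalisation beyond the report).
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> dict:
    """Parse one key="value" telemetry line into a dict with lower-cased keys."""
    return {k.lower(): v for k, v in FIELD_RE.findall(line)}


def normalize_url(url: str) -> str:
    """Lower-case scheme and host only, so 'httP://Host/x' matches 'http://host/x'
    while the (case-sensitive) path is compared as-is."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ('' for an empty path)."""
    return PureWindowsPath(path).name.lower()


def detect(lines):
    """Return (rule, evidence) pairs for every event that matches a report indicator."""
    hits = []
    payload = normalize_url(PAYLOAD_URL)
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("type")
        if kind == "process":
            parent, child = basename(ev.get("parent", "")), basename(ev.get("image", ""))
            if parent in OFFICE_PARENTS and child not in BENIGN_OFFICE_CHILDREN:
                hits.append(("office_spawned_child", f"{parent} -> {child}"))
        elif kind == "file":
            for algo in ("md5", "sha1", "sha256"):
                if ev.get(algo, "").lower() in SAMPLE_HASHES:
                    hits.append(("known_sample_hash", f"{algo}={ev[algo]}"))
        elif kind == "network":
            host = ev.get("dest_host", "").lower()
            port = int(ev.get("dest_port") or 0)
            if (host, port) in C2_ENDPOINTS:
                hits.append(("remcos_c2", f"{host}:{port}"))
            if "url" in ev and normalize_url(ev["url"]) == payload:
                hits.append(("payload_download", ev["url"]))
        elif kind == "registry":
            if RUN_KEY_RE.search(ev.get("key", "")):
                hits.append(("run_key_persistence", ev["key"]))
    return hits


# Constructed telemetry (not from the sandbox) mirroring the reported chain:
# document opened -> WINWORD spawns dropped EXE -> payload fetched -> Run key -> C2.
SAMPLE_LOG = [
    r'type="file" path="C:\Users\dev\Downloads\technical sheet.doc" sha256="b2b9f945e823de8e2cb68ff9b4834d1c3e179756b5a3775f4986b849bc79d914"',
    r'type="process" parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Users\dev\AppData\Roaming\zeddd.exe"',
    r'type="network" url="httP://brownfilleds.duckdns.org/zeddd.exe" dest_host="brownfilleds.duckdns.org" dest_port="80"',
    r'type="registry" key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run\zeddd" data="C:\Users\dev\AppData\Roaming\zeddd.exe"',
    r'type="network" dest_host="fieldsdegreenf.duckdns.org" dest_port="6553"',
    r'type="process" parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Windows\splwow64.exe"',  # benign
    r'type="network" dest_host="www.microsoft.com" dest_port="443"',  # benign
]

if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_LOG):
        print(f"{rule:24} {evidence}")
```

The hash and C2 checks are brittle by design (a rebuilt dropper or a rotated duckdns name evades them), which is why the behavioural rules for the Office child process and the Run key are kept alongside them; in a real deployment the allowlist of benign Office children is the setting to tune first, since it decides the false-positive rate of the strongest rule here.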