General
Target: a.xls
Size: 293KB
Sample: 210505-5bygmdq1bx
MD5: 389033e6344dfd187f5e11eb84879faf
SHA1: 49e245741d6f4529e729da82573f950e91716e8e
SHA256: 28aa0371eff399c03d0ba976b8ecd3eb2c191fccd52775c669e37bdfa5eef0bd
SHA512: ad8bd29be1b13972db777013e4c5c04be9fd3b66c09efd4a285e83bd6936801258604fcdcd28c3678ff7879f9c7056f28e8136bf037573cad168296821c33695
Behavioral task: behavioral1
Sample: a.xls
Resource: win7v20210408
Behavioral task: behavioral2
Sample: a.xls
Resource: win10v20210408
Malware Config
Extracted: https://atlantisprojects.ca/cheryasd.dll
Targets
Target: a.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Downloads MZ/PE file
Loads dropped DLL
Adds Run key to start application