General
Target: Documents_593342397_2054746689.zip
Size: 52KB
Sample: 210505-lkatvd6sme
MD5: 0b3cca436781d5684db847201b9f8e5e
SHA1: 10e8adeb584059f14ff141025774a3a71ea49b87
SHA256: 188575087d85b470d347b84de095bfac2ed849b48e567996a8a41d894088dbfe
SHA512: 426ae1fe02026e574019a13ff827ea3f61c6719c59fd9f54f7e33ce104db333640833fdd0b2fd671f26ce915e9f5dfa90fbc8a1b2f2bd38fd81101a167034ccd

Behavioral task: behavioral1
Sample: Documents_593342397_2054746689.xls
Resource: win7v20210410

Behavioral task: behavioral2
Sample: Documents_593342397_2054746689.xls
Resource: win10v20210410

Malware Config
Extracted: https://atlantisprojects.ca/cheryasd.dll

Targets
Target: Documents_593342397_2054746689.xls
Size: 293KB
MD5: 389033e6344dfd187f5e11eb84879faf
SHA1: 49e245741d6f4529e729da82573f950e91716e8e
SHA256: 28aa0371eff399c03d0ba976b8ecd3eb2c191fccd52775c669e37bdfa5eef0bd
SHA512: ad8bd29be1b13972db777013e4c5c04be9fd3b66c09efd4a285e83bd6936801258604fcdcd28c3678ff7879f9c7056f28e8136bf037573cad168296821c33695
Score: 10/10

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext