General
Target: maldoc.xls
Size: 293KB
Sample: 210505-nge27vhwz6
MD5: 3a53da03a882458b32904991b479b7bd
SHA1: 27da495de0fb5488c972eb762bc1c6d77baea804
SHA256: 6c6ce2ca3d8f6796017905c5a41899cb2e99bf0aa190ed69de81363d314e52b9
SHA512: b3a5523fb3d8edc54b3a5a97cc55f19d4fbd220e1f40c8ebe9d2948c5fd2a9fc78dac669a55dcd9a58e9f9c417dc7aa09e800badeb3781a9d920d894f90946a1
Behavioral task: behavioral1
Sample: maldoc.xls
Resource: win7v20210410
Behavioral task: behavioral2
Sample: maldoc.xls
Resource: win10v20210408
Malware Config
Extracted
https://atlantisprojects.ca/cheryasd.dll
Targets
Target: maldoc.xls
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Loads dropped DLL
- Adds Run key to start application