General
Target: catalog-2012680994.zip
Size: 50KB
Sample: 210513-ykamzajezj
MD5: efc3c4bcc6ef9329e6295d02ba5ccd4a
SHA1: 029ccd07d8a1778d7e3dfac7d44639ca8a365f20
SHA256: 12eefb2e9db0aaebe97ded97ffb7fc192e548f206f857d99e808cdc525d3b7e2
SHA512: d66da4b625f09fd45f3362f7f08d888a95786bf72c0dc54280fdbc5b94a8ef2b6cbb680d5a7a9ad27ba90b3b684f64c60b07a55ab07ca83065db83861b872ff0
Static task: static1
Behavioral task: behavioral1
Sample: catalog-2012680994.xls
Resource: win7v20210408
Behavioral task: behavioral2
Sample: catalog-2012680994.xls
Resource: win10v20210410
Malware Config
Extracted
https://smartpalakatva.com/edQsUZOLlE/th.html
https://pilstlcommodities.com/Ov4FlB3lpy/th.html
Targets
Target: catalog-2012680994.xls
Size: 367KB
MD5: d9896920b703407e6457a454319eb076
SHA1: ec5ccc2f1e3894d26c15ec251676d187454b1d58
SHA256: 544249732ae65649ccbc287050f771e30333a6a47b5f18d848aa96eb7ecadf2e
SHA512: 75ec7a2a661f5b2ef0f9009c83bda1d31c967edcf24edfe16632304474c02880cb036c63f33f4e4006794c6e6ced9d5c28e1dd556a77dda5d592502996a61849
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.