General
Target: 9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf
Size: 173KB
Sample: 210519-dmpssjm4p2
MD5: b591371308b94b1ca5545841fb64fbd7
SHA1: 424d456e7e8a09a1cddb821b8f7eeb9b0dc3effb
SHA256: 9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf
SHA512: ff0d0e352d05232c62642e576cc9e14e05630dfc59bff0b7c08399a108ced404824a76150561a1eb61ae28d856bcc6d46bb9848ad8497d6fb68778b7ac15f0e0
Static task: static1
Behavioral task: behavioral1
Sample: 9eb5ebf4950818df9294072543535ab5bf97a9af906b2c14909a7c79445250cf.doc
Resource: win10v20210410
Malware Config
Extracted
http://suidi.com/IdWaI
http://spprospekt.com.br/WCH
http://sportpony.ch/R1c
http://regenerationcongo.com/imiK6
http://procoach.jp/newfolde_r/Q8G8Tdg
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.