General
Target: PO-EME3448.docx
Size: 10KB
Sample: 210601-ssfzwsakjs
MD5: 41cb54585c5188446052b8af876825db
SHA1: 3f4747f38265aa7ebae7440e78e73e10742bc727
SHA256: 474b17e5fdf5312c53ea7c31b6b5a7aebe51b6a6031f166c600527ec54e194ae
SHA512: 410b07896f4d1ef045ec2cf4c3e26f34b5e7bb91f6d6552788d9993c3ba88fcbec4d954ef6637695e9f16dbe0eca2242f4e30f98405a3a18f27f04283a359af6
Static task: static1
Behavioral task: behavioral1
Sample: PO-EME3448.docx
Resource: win7v20210408
Behavioral task: behavioral2
Sample: PO-EME3448.docx
Resource: win10v20210408
Malware Config
Extracted
http://79.110.52.186/naki/n.wbk
Targets
Target: PO-EME3448.docx
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Abuses OpenXML format to download file from external location