General
Target: 6687482258948096.zip
Size: 774KB
Sample: 210626-pfdffzblaa
MD5: 5b59c68e3329ce82a546eada44ffdd10
SHA1: 0e5ed658cb4269825a02b86b268f00378aa3961a
SHA256: b28a7366e6345dee3ab973b94b1b995be7364f65ee395b0291d6d41c837d8d0c
SHA512: 97be31abe9cf27e7874271d27eff874d576c139e9f1404ae6236cb2f41b8ba593ef0b05a2ffb927a563d77015adcd2ace4f3feca680f913dc02dba627b2c3d6c
Static task: static1

Behavioral task: behavioral1
Sample: b55a8aaac66e776570670f279cb26356cd07f3b8032b3433b9d605db93f584cc.doc
Resource: win7v20210410

Behavioral task: behavioral2
Sample: b55a8aaac66e776570670f279cb26356cd07f3b8032b3433b9d605db93f584cc.doc
Resource: win10v20210410
Malware Config
Targets
Target: b55a8aaac66e776570670f279cb26356cd07f3b8032b3433b9d605db93f584cc
Size: 973KB
MD5: a240ab65fe550a5e864948ffe28b65e4
SHA1: 369d257bcbdd43c9d21d353435c0d8430c9967c2
SHA256: b55a8aaac66e776570670f279cb26356cd07f3b8032b3433b9d605db93f584cc
SHA512: 6f378c433715817818f4e2ae9ab9b6912fc00032945648f6bf91def1dc848f659e2a76098e618b759643a196cc81b1fb20eb82d03fb145984961ed5df31d986b
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.