General
-
Target
0706_35014509110315.doc
-
Size
901KB
-
Sample
210706-p91t59l47x
-
MD5
c20dc6f1340f89a35f43c110ee904124
-
SHA1
f06b6bca9090f63e43151114b482e863cd5f5f2e
-
SHA256
c86648f2699bfc4108c39b413374976eb7d1d1dbf8fbf275a9aa25c11ce836c4
-
SHA512
80f573053b14d92b0db43fd285fe12eb3359d872893cc6a8f0b4b8d8770b10eeb13958691c75a49e7f93ca52a438bc7304595e0a28761c7be1a97cee3fbc6553
Static task
static1
Behavioral task
behavioral1
Sample
0706_35014509110315.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0706_35014509110315.doc
Resource
win10v20210410
Malware Config
Targets
-
-
Target
0706_35014509110315.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-