General
Target: DSV INV 103823 14072021.ppt
Size: 58KB
Sample: 210714-2qya4dzzqj
MD5: 4c5105952fcc267dc7b8bf5a2220fb51
SHA1: 9f43f9de80672d5d228d254394360ae362d9a673
SHA256: 5bd1784bd0379cb65a32f1c71989082c6b9168c150e18ba21b351b2320f667da
SHA512: 88f09a875c5e6164fec848a535b2601262e90f4c110ebf34acbdbc31bccc6684c1d2f98359347c325354197a252d02b644da4e20e7d68365a52cca736590a540
Behavioral task: behavioral1
Sample: DSV INV 103823 14072021.ppt
Resource: win7v20210410

Behavioral task: behavioral2
Sample: DSV INV 103823 14072021.ppt
Resource: win10v20210408
Malware Config
Extracted
Family: oski
C2 URL: 103.153.76.164/we/mark/
Targets
Target: DSV INV 103823 14072021.ppt
Size: 58KB
Score: 10/10
Signatures:
- Process spawned unexpected child process (this typically indicates the parent process was compromised via an exploit or macro)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext