General
Target: Drawing for Our New Order.ppt
Size: 61KB
Sample: 210714-dkl7lx7wj2
MD5: 79493748bb0077dcef55330b23a575f8
SHA1: 03b6a4e65c92aafd4b1ca0b1c136480b05a3f4be
SHA256: 38d2d19379a2972893b4e72762478cfb3323f1c6d56b50787e25ff4eb96a2f05
SHA512: 7126d9fdb489eb259001917d2f6e4999789e6db9d61a752f65fe1652d97f04db0ff8f1652d8f865cbb86199fa16e7b34c83e8b3daadb1fd631716160c50ee540
Behavioral tasks
behavioral1: Drawing for Our New Order.ppt, Resource: win7v20210410
behavioral2: Drawing for Our New Order.ppt, Resource: win10v20210408
Malware Config
Extracted family: oski
C2: 103.153.76.164/we/div/
Targets
Target: Drawing for Our New Order.ppt
Score: 10/10
Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro; here the parent is the Office host that opened the .ppt.
- Blocklisted process makes network request
- Downloads MZ/PE file (a second-stage executable is fetched rather than carried inside the document)
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting (consistent with the extracted oski stealer config)
- Suspicious use of SetThreadContext (an API commonly used for process hollowing and thread-hijacking injection; worth checking for a hollowed child whose image on disk differs from its in-memory code)
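The two signatures above that matter most for hunting are the Office host spawning an unexpected child and the follow-on network request to the extracted Oski C2. The script below is an added example, not part of the Triage report or the oski malware: it copies the report's hashes and C2 URL as indicators, and replays a constructed stream of process-creation and network events (JSON lines; the pids, the child image names and the benign events are invented for the demo) to show how the "unexpected child" rule and the C2 match would fire. The Office host and allowed-child lists are assumptions to tune per environment.

```python
"""Hunting helpers built around the indicators in this report (added example)."""
import hashlib
import json

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "79493748bb0077dcef55330b23a575f8",
    "sha1": "03b6a4e65c92aafd4b1ca0b1c136480b05a3f4be",
    "sha256": "38d2d19379a2972893b4e72762478cfb3323f1c6d56b50787e25ff4eb96a2f05",
}
OSKI_C2_HOST = "103.153.76.164"
OSKI_C2_PATH = "/we/div/"

# Assumptions: Office hosts to watch, and the children they may legitimately
# spawn (print helper, error reporting). Tune both sets to the environment.
OFFICE_HOSTS = {"powerpnt.exe", "winword.exe", "excel.exe"}
ALLOWED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe"}


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists, for comparing a file on hand."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True only when all three digests equal the report's (guards a typo'd IOC)."""
    return hash_bytes(data) == IOC_HASHES


# Constructed telemetry, not taken from the sandbox run. Only the C2 host and
# path come from the report; everything else is invented for the demo.
SAMPLE_EVENTS = """\
{"type": "process", "pid": 1708, "image": "explorer.exe", "ppid": 900}
{"type": "process", "pid": 4120, "image": "powerpnt.exe", "ppid": 1708}
{"type": "process", "pid": 4188, "image": "cmd.exe", "ppid": 4120}
{"type": "process", "pid": 4204, "image": "dropped.exe", "ppid": 4188}
{"type": "network", "pid": 4204, "host": "103.153.76.164", "path": "/we/div/"}
{"type": "process", "pid": 5012, "image": "notepad.exe", "ppid": 1708}
{"type": "network", "pid": 5012, "host": "13.107.4.50", "path": "/"}
{"type": "process", "pid": 4300, "image": "splwow64.exe", "ppid": 4120}
"""


def analyze(events_text: str) -> list:
    """Replay process/network events and return alert strings for:
    (1) an Office host spawning a child outside the allow-list,
    (2) any request to the extracted Oski C2,
    (3) a network request from any descendant of an Office host."""
    procs = {}   # pid -> (image, ppid), built as process events arrive
    alerts = []

    def lineage(pid):
        """Yield image names from pid up to the root; 'seen' guards pid reuse loops."""
        seen = set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            image, ppid = procs[pid]
            yield image
            pid = ppid

    for raw in events_text.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        if ev["type"] == "process":
            child = ev["image"].lower()
            procs[ev["pid"]] = (child, ev["ppid"])
            parent = procs.get(ev["ppid"], ("?", None))[0]
            if parent in OFFICE_HOSTS and child not in ALLOWED_OFFICE_CHILDREN:
                alerts.append(f"unexpected child: {parent} -> {child} (pid {ev['pid']})")
        elif ev["type"] == "network":
            if ev["host"] == OSKI_C2_HOST and ev.get("path", "").startswith(OSKI_C2_PATH):
                alerts.append(f"Oski C2 contact from pid {ev['pid']}: {ev['host']}{ev['path']}")
            chain = list(lineage(ev["pid"]))
            # chain[0] is the requesting process itself; flag only Office ancestors.
            if any(img in OFFICE_HOSTS for img in chain[1:]):
                alerts.append(f"network from Office descendant: {' <- '.join(chain)}")
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

On the constructed stream this yields three alerts: the cmd.exe child of powerpnt.exe, the request to 103.153.76.164/we/div/, and the same request attributed back through dropped.exe and cmd.exe to powerpnt.exe. The splwow64.exe child and the notepad.exe request produce nothing. Building the parent map as events arrive is what lets rule (3) catch the grandchild that actually talks to the C2, which a flat "Office parent -> child" rule alone would miss.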