General
Target: tell-07.22.2021.doc
Size: 68KB
Sample: 210722-f435b4f1ws
MD5: 50b3f639d32da6089829f267d44ef33c
SHA1: f5dd35011d0c34f232f74d2422d3aa6323f74cc8
SHA256: 7ee027d76a4ada5d782ca4823b861a841c57058a8ff3dc80322a12a7854b8127
SHA512: c976e567d46f681fca1d6c5cafac53e22bb052290c20df6700e44900811210cc20992841eaeca9734e20b71bb022e8fca552d08b406a6b3f272195211213f5c4
Static task: static1
Behavioral task: behavioral1
Sample: tell-07.22.2021.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: tell-07.22.2021.doc
Resource: win10v20210408
Malware Config
Targets
Target: tell-07.22.2021.doc
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL
Suspicious use of SetThreadContext