General
- Target: 44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a
- Size: 15KB
- Sample: 210817-2rqvqze3tj
- MD5: 7667baf4600d631f7aab1299604c9e8d
- SHA1: ba5e3292901e3703621e81d23a9c8486ad42b835
- SHA256: 44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a
- SHA512: fb85252cd011972a1ea4658cc5b9f9a80d6bdc2bd7219b4d04cbfb5eff5ee4e935addd1b5e104a9679ea4badfbde342b4df776de61343018e963b0308407c3a5
Static task: static1
Behavioral task: behavioral1
Sample: 44ceb0661cb7a7920cb2f75d8b30608e921d1a6a6d73045a40e3271856aa811a.doc
Resource: win7v20210410
Malware Config
Extracted: https://cdn.discordapp.com/attachments/869602547248283711/877244888020840448/Main.png
Targets
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext