General
Target: 4902777655558144.zip
Size: 37KB
Sample: 211013-n1l9eseah4
MD5: f4a042fbd9d770b4fb940e45c8061fd6
SHA1: 3dce85832b1e9946886308ba2c8933bd89ecdf11
SHA256: 04ea345004fd7f49f6ef909fbbabdcb2ef9436b95d400fa30f64e9b1b1d17d46
SHA512: adde5554b408a7756e2188b5c7b1e2a5b5bb1a813274d0e0bca00a57c373e73c4afcfe3749ed9c7e444f3fef555c066b17aac972e1d619fb64359b51e502b4a4
Behavioral task: behavioral1
Sample: 38c556d3864acffc91332ffad4285b60d465c430ed37fc09c35a1b97a2dc2cb6.doc
Resource: win7-ja-20210920
Behavioral task: behavioral2
Sample: 38c556d3864acffc91332ffad4285b60d465c430ed37fc09c35a1b97a2dc2cb6.doc
Resource: win7v20210408
Behavioral task: behavioral3
Sample: 38c556d3864acffc91332ffad4285b60d465c430ed37fc09c35a1b97a2dc2cb6.doc
Resource: win10-en-20210920
Behavioral task: behavioral4
Sample: 38c556d3864acffc91332ffad4285b60d465c430ed37fc09c35a1b97a2dc2cb6.doc
Resource: win10-ja-20210920
Malware Config
Targets
Target: 38c556d3864acffc91332ffad4285b60d465c430ed37fc09c35a1b97a2dc2cb6
Size: 69KB
MD5: ab29df2b07096f2122b18e54d5d45a80
SHA1: e96f9660f7ea0e45f168edf4242f7d70390e935c
SHA256: 38c556d3864acffc91332ffad4285b60d465c430ed37fc09c35a1b97a2dc2cb6
SHA512: 6a3e2106019a1ba4c01ea21f7561bbbc74a63999bea057b6ad6178d205597ac5be286ca1788a4536c0aabb95df977bee960c3f8d704c816161a0d48e83a9be40
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Registers COM server for autorun
Blocklisted process makes network request
Drops file in System32 directory