General
Target: ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.zip
Size: 9KB
Sample: 211014-w8f2daahej
MD5: c51b86d1a7fd3e455943747121e9764c
SHA1: 8b4d33aaf8573706e039e979ede632841162ca2e
SHA256: d122e97cc5bd9cfd5e122bb0aedf1f6835d8f535020a263fbd0ebf2535c5c471
SHA512: 813d9e8b406ca5a7973089a08c017877da04b2704192d32c5de4b09058c090de026a46acaf3ce07c0499beb6302a541d3c07e3bf4158a572cf1b80c1b34091a1
Static task: static1
Behavioral task: behavioral1
Sample: ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
Resource: win10-en-20211014
Malware Config
Extracted
https://cdn.discordapp.com/attachments/851105085270523917/895674622702399538/Server.txt
Targets
Target: ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d.doc
Size: 31KB
MD5: da6419e4d4e4528990898bcfdaa85e01
SHA1: 8fdfe23dac4252203c5b7f9ff8b4778676188ca2
SHA256: ad0972d2a239b3ba4cbe61079c530624e16e8e57159ce21796b3e711888c997d
SHA512: 2a0e6ce142058fc73fa968a705be71768b2a183610610f5715792b25a1f699df10e1eb745772deaa74322fa8f8237eb7be82d7d2657baccd602605cfcee818e0
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request