General
-
Target
BIlls-8172135.doc
-
Size
43KB
-
Sample
211014-wvyn9sahbr
-
MD5
12489be76fc04c1226707d1029f834a8
-
SHA1
6aedf03afe4e5b7cb220d8541473243a9bd17179
-
SHA256
ccff267f5824ca8d8480b9050ff631681b3d7a0817241374cfa65fc7a3b58476
-
SHA512
1a7d7ddbc7f6da7e448ce83af6a3802c8e57bf1da8fe51e494e52c143ebda3759b0fbe044e1ecc394b02e3c7cba803ae2156dc781bb4242402bb8e58e55ee79b
Static task
static1
Behavioral task
behavioral1
Sample
BIlls-8172135.doc
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
BIlls-8172135.doc
Resource
win10-en-20210920
Malware Config
Extracted
https://cdn.discordapp.com/attachments/851105085270523917/895674622702399538/Server.txt
Targets
-
-
Target
BIlls-8172135.doc
-
Size
43KB
-
MD5
12489be76fc04c1226707d1029f834a8
-
SHA1
6aedf03afe4e5b7cb220d8541473243a9bd17179
-
SHA256
ccff267f5824ca8d8480b9050ff631681b3d7a0817241374cfa65fc7a3b58476
-
SHA512
1a7d7ddbc7f6da7e448ce83af6a3802c8e57bf1da8fe51e494e52c143ebda3759b0fbe044e1ecc394b02e3c7cba803ae2156dc781bb4242402bb8e58e55ee79b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-