General
Target: details_010.21.doc
Size: 34KB
Sample: 211022-pc65cscdhr
MD5: aca3ce06cbd73347cfdc1019f37fa0b4
SHA1: debfcecf4cd178a6b266502ad9b5e2602638bfff
SHA256: 27b8a197d7ae0f4538f79814ae2885e8b654a1633cc8caedf54f52aa931e0238
SHA512: e2b654cb0ce2aca2eb82d72c5518bc8192c4eef7662ea4446fd048a6983847bc15312876d9206e1b32ef1a02b81275acd155e87d023e38c2bbf5a0cd42092f68
Static task: static1
Behavioral task: behavioral1
Sample: details_010.21.doc
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: details_010.21.doc
Resource: win10-en-20211014
Malware Config
Targets
Target: details_010.21.doc
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext