General
Target: dictate.010.22.2021.doc
Size: 34KB
Sample: 211022-qw1mcscehn
MD5: bf0ddf189d1334e11275e04ddc576bde
SHA1: 21f303963b50a4129a513b68debe23225c6b9dc1
SHA256: 87c48d3ffddbc8284f5b037b94b150b40dcc27cd27c3a2d7d8a2ddb63dc562e1
SHA512: 3fed6367d0c17504eaf3d817a35001428ab2ab0db3a8c7698024781ddae3922a844406c848fcc558ab5854b85903eb0c42713983f485db9c69061ae85d275a81
Static task: static1
Behavioral task: behavioral1
Sample: dictate.010.22.2021.doc
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: dictate.010.22.2021.doc
Resource: win10-en-20210920
Malware Config
Targets
Target: dictate.010.22.2021.doc
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Suspicious use of NtCreateUserProcessOtherParentProcess
Bazar/Team9 Loader payload
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL
Suspicious use of SetThreadContext