General
Target
fa964842244e752950fd4ed711759382a8950e13cc2794d6f73ab7eb9169e5ee
Size
94KB
Sample
211204-c3qh3shghl
MD5
ecf475aea6d373c61244f4db7d2ee595
SHA1
8f20b0a73d536e74c3c55d1fa98d07ab98ef46b6
SHA256
fa964842244e752950fd4ed711759382a8950e13cc2794d6f73ab7eb9169e5ee
SHA512
e2e9852a1de72e3e8d569842899c07f0be1d0305c75ac4bfa171ffda6d7d19298da492be2b11174ffe7ab29f379a592f68e30078dffadfdf414c94433bfac087
Static task
static1
Behavioral task
behavioral1
Sample
fa964842244e752950fd4ed711759382a8950e13cc2794d6f73ab7eb9169e5ee.doc
Resource
win10-en-20211104
Behavioral task
behavioral2
Sample
fa964842244e752950fd4ed711759382a8950e13cc2794d6f73ab7eb9169e5ee.doc
Resource
win10-en-20211014
Malware Config
Extracted
http://cotton-world.net/as03M
http://mandram.com/2MouUZ
http://djteresa.net/RTKYqE
http://vkontekste.net/db20
http://art-nail.net/Y
Targets
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
An obfuscated cmd.exe command-line is typically used to evade detection.