General
-
Target
a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51
-
Size
83KB
-
Sample
220115-b8p9tsccap
-
MD5
0f9d8eef6e2b87a3759a45e1e127d94a
-
SHA1
1333efaa172a9d858b686482c75d4d4b13582a9b
-
SHA256
a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51
-
SHA512
82e63db9145621fa07011a36f82cd603c40a8ca9dfa6408318923eec182d89acd3e552d19bbe9fcfdd4127bcb05bcef0de5ed4f1a38577d2c05b0844adc6a499
Behavioral task
behavioral1
Sample
a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/
https://wordpress.baishuweb.com/wp-includes/10q0ice6/
http://monorailegypt.com/wp-admin/6uBf9CCfZRMh/
Extracted
http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/
Targets
Target
a59149fcacf8a5c564f48dc446b7cef1203a0ab92fec9dead2b3645bb24d3e51
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-