General
Target: b5d5cd9f663587f2151ec927231d7058d317666224b71c201bf5db90658c12ac
Size: 83KB
Sample: 220115-bmtp5abga6
MD5: 91ee11d4e4533a1346dc00ea597fe37e
SHA1: 3948c694aca4b5d18a12bd2ff0fe5339d9923a02
SHA256: b5d5cd9f663587f2151ec927231d7058d317666224b71c201bf5db90658c12ac
SHA512: ad6a4640d5044aea187596b74013f6ca3e3e0382114d3bb55a2835e6a9aa0f807767d218ca5bfe9b31df851c765721b4a7c174aa0ee00e0d9a0410436ee9df03
Behavioral task: behavioral1
Sample: b5d5cd9f663587f2151ec927231d7058d317666224b71c201bf5db90658c12ac.xlsm
Resource: win10-en-20211208
Behavioral task: behavioral2
Sample: b5d5cd9f663587f2151ec927231d7058d317666224b71c201bf5db90658c12ac.xlsm
Resource: win10-en-20211208
Malware Config
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
https://www.moharrampartners.com/requestion/wiA/
Targets
Target: b5d5cd9f663587f2151ec927231d7058d317666224b71c201bf5db90658c12ac
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Drops file in System32 directory