General
-
Target
d23b6087f9c63fee7bf5d8e620cf88ca2c38fe8ee342deed923d705fa9b6d68c
-
Size
83KB
-
Sample
220115-cngmmaccfk
-
MD5
0fb282d8f11fe890f0c5002103c2efc6
-
SHA1
146f23d0fc875cf8e9d8602f0edf4ebfd5263fb3
-
SHA256
d23b6087f9c63fee7bf5d8e620cf88ca2c38fe8ee342deed923d705fa9b6d68c
-
SHA512
e98270035d00d3a30e4a2dd7869ed8f50e8587f62e17874dfb287cfd129cc8f4b0bcad88adccd320d8f4d9776a6b579d44834ddde69bdf931f378bfc21c046ec
Behavioral task
behavioral1
Sample
d23b6087f9c63fee7bf5d8e620cf88ca2c38fe8ee342deed923d705fa9b6d68c.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
d23b6087f9c63fee7bf5d8e620cf88ca2c38fe8ee342deed923d705fa9b6d68c.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/
https://wordpress.baishuweb.com/wp-includes/10q0ice6/
http://monorailegypt.com/wp-admin/6uBf9CCfZRMh/
Extracted
http://mail.emilyanncain.com/cgi-bin/A7NT3ENvn/
Targets
-
-
Target
d23b6087f9c63fee7bf5d8e620cf88ca2c38fe8ee342deed923d705fa9b6d68c
-
Size
83KB
-
MD5
0fb282d8f11fe890f0c5002103c2efc6
-
SHA1
146f23d0fc875cf8e9d8602f0edf4ebfd5263fb3
-
SHA256
d23b6087f9c63fee7bf5d8e620cf88ca2c38fe8ee342deed923d705fa9b6d68c
-
SHA512
e98270035d00d3a30e4a2dd7869ed8f50e8587f62e17874dfb287cfd129cc8f4b0bcad88adccd320d8f4d9776a6b579d44834ddde69bdf931f378bfc21c046ec
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-