General
-
Target
d18ee35b037d473e3ef71c9d7b34e4a758b27a2ac27316621475b6944e5d453c
-
Size
83KB
-
Sample
220115-cqtd7sbhh7
-
MD5
33882b5b26a57a11821b91ada304c96a
-
SHA1
c8ea99b2460c4d7206ef5a0b5c309d06a6137627
-
SHA256
d18ee35b037d473e3ef71c9d7b34e4a758b27a2ac27316621475b6944e5d453c
-
SHA512
9e8ea7aaa6ca92c9dc712884ad8216da6d07cf97801a8f59cff51613a54e30f35cadea60b881b9eccaa0f6c82e35b3b6e07621dbb4d9ba9a1fd1de3dd890db5c
Behavioral task
behavioral1
Sample
d18ee35b037d473e3ef71c9d7b34e4a758b27a2ac27316621475b6944e5d453c.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
d18ee35b037d473e3ef71c9d7b34e4a758b27a2ac27316621475b6944e5d453c.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
https://www.moharrampartners.com/requestion/wiA/
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
Targets
-
-
Target
d18ee35b037d473e3ef71c9d7b34e4a758b27a2ac27316621475b6944e5d453c
-
Size
83KB
-
MD5
33882b5b26a57a11821b91ada304c96a
-
SHA1
c8ea99b2460c4d7206ef5a0b5c309d06a6137627
-
SHA256
d18ee35b037d473e3ef71c9d7b34e4a758b27a2ac27316621475b6944e5d453c
-
SHA512
9e8ea7aaa6ca92c9dc712884ad8216da6d07cf97801a8f59cff51613a54e30f35cadea60b881b9eccaa0f6c82e35b3b6e07621dbb4d9ba9a1fd1de3dd890db5c
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-