General
-
Target
db676ef714ea818edca3ff4a25da38808cbec2a6d7b944a237e44ad29d8932da
-
Size
83KB
-
Sample
220115-ehzx5acfhp
-
MD5
a9732242b92b6c4499367ea3d9704807
-
SHA1
b731a47794a16b903cab1dae5adfbc966b24a0f0
-
SHA256
db676ef714ea818edca3ff4a25da38808cbec2a6d7b944a237e44ad29d8932da
-
SHA512
d07044867899d13df8e35bffdc9615b38900b5fa40e87c008cac14aff8bc01897d283a6fe4083f9ce17d6246130dffc859cbb6f11cf333271be5b3c93fe13eaf
Behavioral task
behavioral1
Sample
db676ef714ea818edca3ff4a25da38808cbec2a6d7b944a237e44ad29d8932da.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
db676ef714ea818edca3ff4a25da38808cbec2a6d7b944a237e44ad29d8932da.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
https://www.moharrampartners.com/requestion/wiA/
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
Targets
-
-
Target
db676ef714ea818edca3ff4a25da38808cbec2a6d7b944a237e44ad29d8932da
-
Size
83KB
-
MD5
a9732242b92b6c4499367ea3d9704807
-
SHA1
b731a47794a16b903cab1dae5adfbc966b24a0f0
-
SHA256
db676ef714ea818edca3ff4a25da38808cbec2a6d7b944a237e44ad29d8932da
-
SHA512
d07044867899d13df8e35bffdc9615b38900b5fa40e87c008cac14aff8bc01897d283a6fe4083f9ce17d6246130dffc859cbb6f11cf333271be5b3c93fe13eaf
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-