General
-
Target
d7818be62c9a6e0eefdc0fd0a685debddaa7d58bdc9140d59be286e46b7bb766
-
Size
83KB
-
Sample
220115-p34rxseehq
-
MD5
34e0a4e56f8909079a089d24df66f342
-
SHA1
c2bdc0bcaf067faa30d06fdd306bffe84142bd00
-
SHA256
d7818be62c9a6e0eefdc0fd0a685debddaa7d58bdc9140d59be286e46b7bb766
-
SHA512
144bc39853b61bd2043a037bba37f11bf3ed43e4ea19140fa2decfae007794b4899fc85e62e5987ca4c0a004139e96a40f4f8d056d0efb3d46e55f49c596a550
Behavioral task
behavioral1
Sample
d7818be62c9a6e0eefdc0fd0a685debddaa7d58bdc9140d59be286e46b7bb766.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
d7818be62c9a6e0eefdc0fd0a685debddaa7d58bdc9140d59be286e46b7bb766.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
http://dichnghiatienganh.com/jvmqawn/2mdbSTjM1Lg/
https://www.moharrampartners.com/requestion/wiA/
Extracted
http://recont.com/n8xbqb/lwEORjcJYPKCNQ/
Targets
-
-
Target
d7818be62c9a6e0eefdc0fd0a685debddaa7d58bdc9140d59be286e46b7bb766
-
Size
83KB
-
MD5
34e0a4e56f8909079a089d24df66f342
-
SHA1
c2bdc0bcaf067faa30d06fdd306bffe84142bd00
-
SHA256
d7818be62c9a6e0eefdc0fd0a685debddaa7d58bdc9140d59be286e46b7bb766
-
SHA512
144bc39853b61bd2043a037bba37f11bf3ed43e4ea19140fa2decfae007794b4899fc85e62e5987ca4c0a004139e96a40f4f8d056d0efb3d46e55f49c596a550
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-