General
-
Target
27d5342d287598dc00361e27aaaa435658ecdbba5946fa1f57676e19c1bd5b51
-
Size
99KB
-
Sample
220118-lk12jaaee3
-
MD5
b9d75dd60fad1aff6ae93665148b9d73
-
SHA1
eea4727bbd0360cb18b36361977ddc4ece270f06
-
SHA256
27d5342d287598dc00361e27aaaa435658ecdbba5946fa1f57676e19c1bd5b51
-
SHA512
ecf45e5513adb528f15cfe709536964878bbb2d643e2dfce428358819cdcf335ed7955d5eee89b8784ab9de5b8ae681d4a025cc38a6f616dc0922d4bd6ede9b6
Behavioral task
behavioral1
Sample
27d5342d287598dc00361e27aaaa435658ecdbba5946fa1f57676e19c1bd5b51.xlsm
Resource
win10-en-20211208
Behavioral task
behavioral2
Sample
27d5342d287598dc00361e27aaaa435658ecdbba5946fa1f57676e19c1bd5b51.xlsm
Resource
win10-en-20211208
Malware Config
Extracted
http://avionxpress.com/lp/T9b1Bga4FdDfP5HI/
http://news.tapchivietkieu.info/wordpress/CJzFM/
http://monosun.net/wp-includes/JcDnYBSKpyfU/
Extracted
http://avionxpress.com/lp/T9b1Bga4FdDfP5HI/
Targets
-
-
Target
27d5342d287598dc00361e27aaaa435658ecdbba5946fa1f57676e19c1bd5b51
-
Size
99KB
-
MD5
b9d75dd60fad1aff6ae93665148b9d73
-
SHA1
eea4727bbd0360cb18b36361977ddc4ece270f06
-
SHA256
27d5342d287598dc00361e27aaaa435658ecdbba5946fa1f57676e19c1bd5b51
-
SHA512
ecf45e5513adb528f15cfe709536964878bbb2d643e2dfce428358819cdcf335ed7955d5eee89b8784ab9de5b8ae681d4a025cc38a6f616dc0922d4bd6ede9b6
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-