General
-
Target
fa938c8e0833e3d8a642ab29cb8ecfde8d1ef574837d41a7e4a7c1676ec91531
-
Size
1.7MB
-
Sample
220119-16xzbsdfcj
-
MD5
c29a9e09451389facd0961601a531605
-
SHA1
129c8b45205e56810e34505aa1f3aff3d0021bbe
-
SHA256
fa938c8e0833e3d8a642ab29cb8ecfde8d1ef574837d41a7e4a7c1676ec91531
-
SHA512
c656bc2107993b36a2ce9bef0d67cdaee1b9d8573770d9033705fe6fff14c6d93915024bcc7fda1006283f7b6ae65a32244e294abc3a3c0a5e0d497fb4a1458b
Static task
static1
Behavioral task
behavioral1
Sample
fa938c8e0833e3d8a642ab29cb8ecfde8d1ef574837d41a7e4a7c1676ec91531.xll
Resource
win10v2004-en-20220112
Malware Config
Extracted
Targets
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Bazar/Team9 Loader payload
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Loads dropped DLL
-