General
Target
tmpvvmnky3x
Size
154KB
Sample
220128-dymr3afee6
MD5
d8c1ea72fa5e42498c2d09ba8645a121
SHA1
5302781e3d9635b640a1657f95a158a0e2543b33
SHA256
5b6e9ac2dc10dbbd46e398cd63bfa5b18cc58c18745b4cde64c66343f1131247
SHA512
dd9877c447586f670713b1df5ce83c2d0830e194949f6636138e49d7b6a128c9582be42a4cd57e311394d853389401c4293baff11c774a6a287aa7688a4ff1b0
Behavioral task
behavioral1
Sample
tmpvvmnky3x.xls
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
tmpvvmnky3x.xls
Resource
win10-en-20211208
Malware Config
Extracted
http://91.240.118.168/qqqw/aaas/se.html
Extracted
http://91.240.118.168/qqqw/aaas/se.png
Targets
Target
tmpvvmnky3x
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request