General
-
Target
tmpmxbiywz7
-
Size
155KB
-
Sample
220128-dzbq7afef4
-
MD5
1ab15f4dc8676e0abad31a0a4ce4be81
-
SHA1
3323dc1daa00893cae736d9b8e605aa30381a570
-
SHA256
c806460f16395741aacdfb8bb050a7fe7a103cbbea14523435dc57a567f6af46
-
SHA512
14f81d49302a04461e4c310203fe8b2636fca607858d4eefe294678c4233dcd24a75e4dbdd76144e14001eda26643784746f3b65b15edb5d67757a161935754d
Behavioral task
behavioral1
Sample
tmpmxbiywz7.xls
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
tmpmxbiywz7.xls
Resource
win10-en-20211208
Malware Config
Extracted
http://91.240.118.168/qqqw/aaas/se.html
Extracted
http://91.240.118.168/qqqw/aaas/se.png
Targets
-
-
Target
tmpmxbiywz7
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-