General
- Target: RFQ_2082983.doc
- Size: 2.2MB
- Sample: 220131-h8y1ashcg9
- MD5: 5626f64c57491d2f2d614c47da4b9063
- SHA1: 1a248103d388028fce134bb9cf3f8051b56f6b50
- SHA256: 153faf944590ffc174faee0c67b6f4a47f186d016881ce3441542f7a36ab8b82
- SHA512: 653c0c288940672b983504b7f522feae7af471325d0a398d7444d4ce1c66343d113e8a1e9bf51246e3a4e69a166707c7aa8bd2fb7e16e8274c782fe0be23987c

Static task: static1

Behavioral task: behavioral1
- Sample: RFQ_2082983.rtf
- Resource: win7-en-20211208

Behavioral task: behavioral2
- Sample: RFQ_2082983.rtf
- Resource: win10-en-20211208
Malware Config
Extracted: formbook
4.1
dt23
Domains:
acresyetthrow.xyz
botoxforchronicmigraine.com
bulletproofrzr.com
curiaegroup.com
7seasvisas.com
dofastig.com
xu6gfskoedlj.xyz
indoorindia.com
cinejunky.xyz
projectsunshine.info
wefmans.com
gv3f9asm.xyz
couriergbblogistics.com
tcd-ussf.com
ssmgk.com
beeyou-photography.com
agulhanopalheirobrecho.xyz
damlacreative.xyz
businessinvestmentcanada.today
makingwavesbyterra.com
foresightfundingconsultants.com
fortbendisdstudenthomepage.com
suip.online
higherlevelcontent.com
dingzhiwuhu.com
sans-sanity.com
nashvillesportsauthority.com
clarvazatoareaana.com
xn--malagueamg-z9a.com
datapendukung.com
europetopjob.com
hostingboliviano.com
butdex.online
azbrotherskoreadates.com
siguemipaso.com
rcthanenorth.com
peramidtown.com
hcmslyj.com
bikepackig.com
myparty-store.com
buildngs.com
comptesbancaireswebfr.com
aankoopbegeleider.com
wolfcapitalinvestment.com
mydreamstates.com
makelittlerockgreatagain.com
agripsychbeam.com
thoughtsofaith.com
modepride.one
odocos.com
taylormadewoodwork.com
chevlot.com
footiclub.com
allai-stekt.com
completeinstructoracademy.com
kailo-listjournal.com
oregonspecialistgroup.com
poscyprus.com
awfencestaining-tx.com
qs009.com
tuyauhorizontalcoud.com
atonmnicxwallet.com
godrejriviera-ambivali.info
1michiganlightning.com
shshkj.com
Targets
- Target: RFQ_2082983.doc (2.2MB; hashes as listed under General above)
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext