General
Target: New Order- P- 00302001.doc
Size: 2.2MB
Sample: 220131-h8y1ashch2
MD5: 75990fe7c7bfbcd68e3641ced2d184a9
SHA1: 1227f04860ae3d3137cd5e85b771cc6b339953a7
SHA256: 132a53a42ec7c727a4eeef4013293ab2e4f3b42d82f7c608f15879dea2de338e
SHA512: b2a66f4e40143579223e832296b9031ac9fa9ed836759597bd52add562786bcac88c267ece49551e708edf323e14b2bb7fdd1159f211ef222f43b0ddc1e7fa3f
Static task: static1
Behavioral task: behavioral1
  Sample: New Order- P- 00302001.rtf
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: New Order- P- 00302001.rtf
  Resource: win10-en-20211208
Malware Config
Extracted: formbook 4.1 u3s4
Targets
Target: New Order- P- 00302001.doc (2.2MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext