General
Target: RFQ_OFFER_3098_5RFQ-5914.doc
Size: 2.2MB
Sample: 220131-hks45sghf2
MD5: 150261328c9acaecc66968ae0efd37ee
SHA1: 19eeff6bfc783323a85950682958f5e006c5b0e8
SHA256: c796080f9c704855e94c27f3126628cc1434b252ae6a8168de81865d7e4eb20a
SHA512: c3bb944949065d71fbdeb054c2d6ac59a52a4e023207087a2c2ae5d8b5b6ed292d01d2405120913e683e7a903fc259719d35c33001aa72e30df74b2d6a5197f0
Static task: static1
Behavioral task: behavioral1
  Sample: RFQ_OFFER_3098_5RFQ-5914.rtf
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: RFQ_OFFER_3098_5RFQ-5914.rtf
  Resource: win10-en-20211208
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: cc16
C2 domain list:
- dcownloadaudiobooks.com
- agencyfreedom.net
- code9help.com
- nextstarwkrg.com
- ashleyjana.net
- livingarrangementmove.com
- nuevorenaultaustral.com
- cyptosphere.com
- thelearningforestacademy.com
- frestail.info
- veohat.online
- infoemailteamitnetalpha.com
- rainforestsloth.com
- auzunstore.com
- comepritty.com
- comchain.digital
- spacemind.space
- riacompliancebox.com
- rocketaccoynt.com
- feng01.xyz
- gadgetbursts.com
- lccontrolsystems.com
- bestphotonow.com
- safetyrunway.com
- similarbringdoctor.top
- vrdining.net
- peoplehealty4.xyz
- bedside.care
- impfen-mit-herz.com
- pacificwestaccess.com
- douvip462.com
- radiogenesisiguazu.com
- musicnoreverywhere.xyz
- newjerseyplumbingservices.com
- homes4saleincampbellriver.com
- lojas12.com
- agras.expert
- lubomirgroch.com
- xu8arboo59y3.xyz
- vuecreativeagency.com
- alexandre-langlois.net
- shelbytokenshop.com
- apotek.site
- zeynepserce.com
- smallpocketsbigbrand.com
- xhtd6085.com
- dylansinteriorpaintingllc.com
- lasertherapyhawaii.com
- redoris.com
- capereno.com
- jiangxibzy.com
- 045119.com
- rachaelphillipsdataexpert.com
- themajestichouse.com
- hagyreo.xyz
- diesel-heart.com
- samsaratee.com
- chsnetworking.com
- aiotoy.com
- tf2bux.com
- lapsoiot.xyz
- 257mg.xyz
- securebre.cat
- murdercloud.com
- movies2watchcc.com
Targets
Target: RFQ_OFFER_3098_5RFQ-5914.doc
Size: 2.2MB
MD5: 150261328c9acaecc66968ae0efd37ee
SHA1: 19eeff6bfc783323a85950682958f5e006c5b0e8
SHA256: c796080f9c704855e94c27f3126628cc1434b252ae6a8168de81865d7e4eb20a
SHA512: c3bb944949065d71fbdeb054c2d6ac59a52a4e023207087a2c2ae5d8b5b6ed292d01d2405120913e683e7a903fc259719d35c33001aa72e30df74b2d6a5197f0
Signatures:
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext