General
Target: Order 669 SOS DEI F.LLI CIRELLI SNC.doc
Size: 2.2MB
Sample: 220131-lbdjwahed7
MD5: 6ec0bc735c8265f7708b78c13255d816
SHA1: e5b9838854f6dbf46a779097084520685941a942
SHA256: d7993d70d7f8a1d66a2a20842331dbe29e0ad8af5fad8a086892fe89878fdfa5
SHA512: e25e7117f0d23f569548d9b2495f2b15791a6e7571b772855fe09e389c2e501359035b5a19053953ccf184c62bb9d031b0ce0d82ac941b6b0d07bdd124cd9ed7
Static task: static1
Behavioral task: behavioral1
Sample: Order 669 SOS DEI F.LLI CIRELLI SNC.rtf
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Order 669 SOS DEI F.LLI CIRELLI SNC.rtf
Resource: win10-en-20211208
Malware Config
Extracted
formbook
4.1
g18s
Targets
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Formbook Payload
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext