General
Target: btrhgymo
Size: 254KB
Sample: 220419-etf96aehh4
MD5: b28ac13475bfa5af9555ee68b1a1fcd1
SHA1: a027df13a1a3bdbf45640ad1e18a8dd4ba701559
SHA256: 2f90590da13be020cab94f6054224224af5d674bb07964796cbb051cef5dde3a
SHA512: db8c5531fa396dd9da9dc82e830e6567c89a6d71a7627d7eaefcedb3760c4b5d842272235b10d560a130f0594ff42dddad20225fe8610aa48dc986642586faf6
Static task: static1
Behavioral task: behavioral1
  Sample: btrhgymo.doc
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: btrhgymo.doc
  Resource: win10v2004-20220414-en
Malware Config
Extracted URLs:
https://okaseo.com/cache/12zl5o-duttqzih2-31839309/
https://koddata.com/wp-content/VDgENx/
https://parentingtopsecrets.com/pts/ys8cwojcvc-k1ks0vpkk9-3619095223/
http://neproperty.in/cgi-bin/hjjz1r5p-5n7mea41-7609513198/
https://mcuong.000webhostapp.com/wp-admin/aggrp2crnz-nt74vk3f-91560/
Targets
Target: btrhgymo
Score: 10/10
Signatures:
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process: This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory