General
-
Target
?i=1friqmykq
-
Size
110KB
-
Sample
220419-ez24tacack
-
MD5
a3c1eee45b2ee65f5f0fda091c3b9bfe
-
SHA1
1bd37dfba56924ab73ce9f6da17a946715b6a76a
-
SHA256
e95a1d9f8651d516e59ddffadc5fd94a499b888077d6cc60ee5cc1b95c1f91e7
-
SHA512
ec072cf278b55e4b5e283ebb49aacf924cda7e83a2004c84264a4b1d47b3fb280b6313740fd77df2ac59f007a8f4535f5219a010b1d02a7dd1718f39eca3359e
Static task
static1
Behavioral task
behavioral1
Sample
?i=1friqmykq.xlsm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
?i=1friqmykq.xlsm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://46.105.81.76/c.html
Targets
-
Target
?i=1friqmykq
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-