General
-
Target
xoskjmvd
-
Size
106KB
-
Sample
220421-ytfheadbbk
-
MD5
30326e79afdba5026d51ab50b37939d2
-
SHA1
b4b420c4a464d12f62b94c65aff4ba230c95f3f2
-
SHA256
403fdb65274fbfeccb8868e0b400f3ee2281426c7dbbdc7bdb263dff0979d704
-
SHA512
9821a19b0abb1c7ec8f929a47926bdd5a175a006e56e47cba8995cabc1de8c2b04d80b4ace7e7d6227544f58d00efc89f7d569da3bd917d70e42ae1c8dd9e0ce
Static task
static1
Behavioral task
behavioral1
Sample
xoskjmvd.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
xoskjmvd.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://amedion.net/uNMU39B
http://biciculturabcn.com/6s97jYza
http://valenetinternet.com.br/3Rdtv
http://goshowcar.com/9RVqaX
http://wheelbalancetraining.com/9il
Targets
-
-
Target
xoskjmvd
-
Size
106KB
-
MD5
30326e79afdba5026d51ab50b37939d2
-
SHA1
b4b420c4a464d12f62b94c65aff4ba230c95f3f2
-
SHA256
403fdb65274fbfeccb8868e0b400f3ee2281426c7dbbdc7bdb263dff0979d704
-
SHA512
9821a19b0abb1c7ec8f929a47926bdd5a175a006e56e47cba8995cabc1de8c2b04d80b4ace7e7d6227544f58d00efc89f7d569da3bd917d70e42ae1c8dd9e0ce
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-