General
Target
Inquiry 06 MAY 2022.doc
Size
5KB
Sample
220506-pskajahha7
MD5
a9fc67f4ebc5c1d33bd153e7f70f5ab9
SHA1
43c44e173b5099f1bd0bf5f36fdf3be46c33007b
SHA256
ff6296c9c5d80fd9594c50eff2acaa4f77d76a06f27f7acb8056561fa9654fc3
SHA512
6f9ae7bfba6f793141fb0dbf91719dfa2d18fd5838c7ff31a7060b8e88a6078223469a0bfbfdbffbebad1a4c0a8b6a7d5cf5fab6bff5e320243b60a7efc82ee8
Static task
static1
Behavioral task
behavioral1
Sample
Inquiry 06 MAY 2022.rtf
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Inquiry 06 MAY 2022.rtf
Resource
win10v2004-20220414-en
Malware Config
Extracted
bitrat
1.38
37.0.11.155:4670
communication_password
31af2433c836721a29f5d8e94b790444
tor_process
tor
Targets
Target
Inquiry 06 MAY 2022.doc
Score
10/10
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext