General
-
Target
11372b64d5b2d1985613084cd81164f95fc5d9259cfdce779df923ec269a3d0f
-
Size
121KB
-
Sample
220520-12cslahfhl
-
MD5
a358827add91001aa0c589bd64bae2fa
-
SHA1
10a7180d4a4f25e6c8e8415a64c02028a011472b
-
SHA256
11372b64d5b2d1985613084cd81164f95fc5d9259cfdce779df923ec269a3d0f
-
SHA512
1ce4ab7d9bb97b8d915283607c9415a09dac3ef17aa9d6cf0792a7de2904802e0a083fff15d0c1d7efaf30e95a48b386bdac3ac4a8aff5ebf3f92180d96a47b3
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
-
-
Target
sample
-
Size
231KB
-
MD5
cb235ef0104c8ed67cdb12d17dba8e02
-
SHA1
da7fd08657a9c17d2efe87754218dbd7851212d3
-
SHA256
39af19338e24f5fcea02d5777af1f45eef1669e7834311632f223524b7e773c4
-
SHA512
cb31003906e4140029cd688091f20d2d433df803f295198a48d84eb5b6ac48faafb325acef91e044987dbf63b23d5630f39a926ac1cfafaecabc799bb42f78e5
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-