General
-
Target
a55b4f3882a1387ca95ea171cf9521d629ff27ef0dead7e92064e6687e1c6488
-
Size
98KB
-
Sample
220520-1agx8sghaj
-
MD5
6800878ebb9733e22f7599db215c9e3c
-
SHA1
fea16c7b60992da8ebaf885048fe4a01d89773da
-
SHA256
a55b4f3882a1387ca95ea171cf9521d629ff27ef0dead7e92064e6687e1c6488
-
SHA512
241b483d1c2d45ec8e4808df8d0c6083b11ae32dd3af3877439a5fb125f4a11927bb4d24cd442cef2cac4a35986e194bafc6aa0d409ae0cf9bbec49ecbf7ef73
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
-
Size
169KB
-
MD5
b6bc6a79e6bf5d1e18e8982cbdce8427
-
SHA1
6169a9125ef00fbf9a5a2341959b76f7111f5fc4
-
SHA256
f7d99e7dccbb7f860f4188ef450ddaa922d31492887b916a96a802c556303f5f
-
SHA512
5ce753f7e0c7e7ad8ce6d2729b12fc5644338ef0e0a507870ef826005b140faac53f3fccc0558b2a60021d2775581cf0aecb31ecde77f6c5a220f7e56fffb728
Score 10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-