General
Target
a32fd9f1f28e4b6a8c6460444b13b777d35fef0ccecafe67a2c0a9cf63e8f219
Size
98KB
Sample
220520-1av5vsghap
MD5
885e774770ffe7909b9ede2a9e427af2
SHA1
c3bfd5a03085be7bcb32567f34a939f122f033ca
SHA256
a32fd9f1f28e4b6a8c6460444b13b777d35fef0ccecafe67a2c0a9cf63e8f219
SHA512
63c049bd054d5fa9149d8c3822b9166c27776be437cfc78118598ea5025df054899442bded5549359267e1fae9e01cd40d68a8bb8b4d7db6a1c5a5da03748b71
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
Size
168KB
MD5
4acd7533d8ec63f913c67cbf7cad6e40
SHA1
55b620567b8245febda5282d60c42ddd15314343
SHA256
eece4ec540e8ae52c63b4384986f2de0003b5b51d486ee8602de1709feb06dc4
SHA512
543abc7306d6e77f7b5b1cbc149d83d0bd2a5a7c0fe56505d9a8a46245c45430f7bb1770dc5e6a014bc065712c52680e2d8d747dcb90fd6dfa46faf8479c5203
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory