General
Target
86d3bab0813b39f2fddfb6b8ee2c7bde585a5c13d972ad3d75d71f4d64d7bb5e
Size
98KB
Sample
220520-1e4ykahadl
MD5
d3a1e493a5afaef545ecd675b19fe0f7
SHA1
8187e732236ff785e6885fb43698d71e13845489
SHA256
86d3bab0813b39f2fddfb6b8ee2c7bde585a5c13d972ad3d75d71f4d64d7bb5e
SHA512
970bc4ee39090dbe920fc4cbd1de4c22d391aff6b40353907ad883caf2f268b883d84077c3e411915827355a3f3f96fd742d8dbccff0fc1003564e0443e6ada4
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
Size
171KB
MD5
85e8cf7f6540a5ec489dda61d68b4e47
SHA1
576caaf8dab0632331c58026deff9add882e9244
SHA256
330c445638c69688590588cb2f7c932ef4c5da718b98ea8f341befdcf64218b2
SHA512
0c7c6b94b647800be7588dfc8f7c9a21b54b31728cf51bbbf73076531faeaf4425535d173df0b2cf9ac40824cbed168be0f23cfce0a5629cce21932b64f331a8
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory