General
-
Target
769181ba72d937ac51fdec3411ac5addbc2e93c65ec013ad504d9670d616d12c
-
Size
98KB
-
Sample
220520-1hkdbshbaq
-
MD5
b825da3cb5fd2990fd3a42825a8738dd
-
SHA1
f5acdd3605ef5521afecc24ba4013caa256a1a74
-
SHA256
769181ba72d937ac51fdec3411ac5addbc2e93c65ec013ad504d9670d616d12c
-
SHA512
dcd1c987aaf199be81050a89d220d05022493520ff88ee0ad682451a43e052585c7511eda9d72b33279d536d924fd8c5350b6a72a8da5e353d8f4b05eb5da313
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://manandvanwaterlooville.co.uk/wp-admin/prX892/
https://uniral.com/captchasignup/4J579681/
https://scyzm.net/lkx7/lqoH8S/
https://amagna.nl/DZ9MzAobu3/37Z/
https://nilinkeji.com/online/90fb31/
Targets
-
-
Target
sample
-
Size
169KB
-
MD5
24d32f9816e9402510433dcfb1633ea6
-
SHA1
400513d99abba8cf40538c454fa5e86a1cacaa4d
-
SHA256
e9bf95d02c5b2b1e8ac21c595cce59294b8a54da32e71a619cdf2ed03448dc96
-
SHA512
a245510bc7364891ea97bff2c820756d35cc1fe155c2573e570f28613fb21c0f6ebade9be3cdba640c3d9eba23cb5ed8f053e8603fe6cdef1a8fd3869224ccc2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-