General
Target
3ac3302581e9f360be53466572a0b073381e27eebfbbddb6122000454b2f7bea
Size
98KB
Sample
220520-1tg3caecd9
MD5
3d7b7db8acdd26b42b0005a074a95e9f
SHA1
93ae60d24e9ccb02775da1bd9c0457ddd4888f11
SHA256
3ac3302581e9f360be53466572a0b073381e27eebfbbddb6122000454b2f7bea
SHA512
61f12e8f509ab1fed63a58f93330edc37f73dc7486dea04ff39a8957190daacbaa6bb60d7a2d0051cf59b9890a621f8347b3985ec414b45ebf38adffc363b554
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://manandvanwaterlooville.co.uk/wp-admin/prX892/
https://uniral.com/captchasignup/4J579681/
https://scyzm.net/lkx7/lqoH8S/
https://amagna.nl/DZ9MzAobu3/37Z/
https://nilinkeji.com/online/90fb31/
Targets
Target
sample
Size
168KB
MD5
4b7649edf595eaeeb89dcd4703d0cf57
SHA1
67751ef3d3fe6db82ff0fbf3d901d4b6c67d99d4
SHA256
c4c7bb2450ebb5a20ae3471bccf992bd7c59c3d2324d8581a6b8c139f54b9de5
SHA512
0757277daedb9c749e53cc82a4225b73de26662d05edd97059852039558b0f54e78ad779c61e368d51aa78c6fe9a8ec8935f375b6a9790a92b6b584e9d007173
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory