General
Target: 3724ec349f7cc1e4b412a6d58c2bb44de936abdbf105b3c404bf45e00d4e2533
Size: 98KB
Sample: 220520-1tx4kaece8
MD5: 456fc6b9fbf2ff657a9b93d46e76487c
SHA1: 4310b185c6138629283d6093fcdd12d9041e3f1e
SHA256: 3724ec349f7cc1e4b412a6d58c2bb44de936abdbf105b3c404bf45e00d4e2533
SHA512: 04191c6dc934d8f43f62d0f77347d8b436eb6eb1916fa3a60d3b1b6f6c33d06461e84a3d294d19374c043d4e76d2323b1c9e706ac1dd8c9612626ac1478f3015
Static task: static1
Behavioral task: behavioral1
Sample: sample.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: sample.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
http://manandvanwaterlooville.co.uk/wp-admin/prX892/
https://uniral.com/captchasignup/4J579681/
https://scyzm.net/lkx7/lqoH8S/
https://amagna.nl/DZ9MzAobu3/37Z/
https://nilinkeji.com/online/90fb31/
Targets
Target: sample
Size: 169KB
MD5: afb5e20db40e467a8cacf54c97ae0260
SHA1: 25d0678af0d1a13c0e9d7cddcbf36f92b456d8fc
SHA256: fab24e56f202cebd46c30a914d6e5fff1d01ad7909a425eed9a8ddbec99cb8ae
SHA512: b50594654e82c48c283635395b00f747834e7e4f7be1e8b5fccc20ea8e915596b4d5fdb3ef1989ce318d5561272b10645053269bd24e8d45cfc0967c70a4bc8d
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory