General
-
Target
9c2c1ec8b79146fe738554c3278c0c5aa0233b78fabc9babab89d460959901de
-
Size
196KB
-
Sample
220520-3gv5jsghc6
-
MD5
a2ce4f44ad38c51c43d8d7a6e99a16b1
-
SHA1
3f8bd5d0106a434e6233f9820571963991d99e04
-
SHA256
9c2c1ec8b79146fe738554c3278c0c5aa0233b78fabc9babab89d460959901de
-
SHA512
a018c0686140a80f5094f11aca41c3bf247e4f752116fd6100877ecce02d178637169fbba3967de18260ff42f4e4cc705bd4debcce70e3ff08a5d7efca6739ef
Static task
static1
Behavioral task
behavioral1
Sample
9c2c1ec8b79146fe738554c3278c0c5aa0233b78fabc9babab89d460959901de.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
9c2c1ec8b79146fe738554c3278c0c5aa0233b78fabc9babab89d460959901de.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://offisepost.info/img/Q/
http://purviitech.com/111/c39b5jp/
https://www.awchang.com/wp-content/uploads/2019/02/uk8h/
https://www.landzoom.com/wp-admin/0Z/
https://www.municipales.lejournaltoulousain.fr/wp-content/yar/
Targets
-
-
Target
9c2c1ec8b79146fe738554c3278c0c5aa0233b78fabc9babab89d460959901de
-
Size
196KB
-
MD5
a2ce4f44ad38c51c43d8d7a6e99a16b1
-
SHA1
3f8bd5d0106a434e6233f9820571963991d99e04
-
SHA256
9c2c1ec8b79146fe738554c3278c0c5aa0233b78fabc9babab89d460959901de
-
SHA512
a018c0686140a80f5094f11aca41c3bf247e4f752116fd6100877ecce02d178637169fbba3967de18260ff42f4e4cc705bd4debcce70e3ff08a5d7efca6739ef
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-