General
Target: ce6d74e5bf1e0105f0591158e02bc48f4167448405379c0c01479bbc363df8ed
Size: 98KB
Sample: 220520-z3czbaddf4
MD5: c322fb5f21407334dcdf9cfa68b6423b
SHA1: 7927f6f5ad53ce906515404a7fc334e6fc1f0b97
SHA256: ce6d74e5bf1e0105f0591158e02bc48f4167448405379c0c01479bbc363df8ed
SHA512: b5a354ccae1a46b71c002123700878202d479bf0ccbad301126e17a778016bf16f9e85cb43710fd05d093255aee04fe99660063300a1b9275559eb410fc556f4
Static task: static1
Behavioral task: behavioral1
  Sample: sample.doc
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: sample.doc
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Targets
Target: sample
Size: 169KB
MD5: 589b837a24c5ca06755ff4cc8f3f3527
SHA1: 71d87108a2065c19016139803945eb1ad208c08a
SHA256: 20a246aca6750eca888fab3072ecd8af33f5d8fadeaaa7a8273d248eccdecd57
SHA512: 6be20ab0c300acff81980a71b7dc567280cbd7e0a4f800b8ef76d9e24c446ca5af705b5de0b39e554c20244139ff38bf21210a24b330b641c232063f37010cc7
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory