General
Target
c11eb5e233cd0b35d2d66853ba6f02b1a1ebc0cee3bac6725e54040fcc2c3125
Size
98KB
Sample
220520-z5ln8sded2
MD5
82cb854c03d62c6afaf9b764e26f1285
SHA1
f151e33b8cc6513ae4e2d351ea3f1aea4777f749
SHA256
c11eb5e233cd0b35d2d66853ba6f02b1a1ebc0cee3bac6725e54040fcc2c3125
SHA512
d45d12388bfd22861258b7ba108e88e1894a4909898bdfdcb0a8943d9d2e12adf79879da0ba5a6517fbf0e195d413effdf862d83bcfe69427b498e48b6e72ad5
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
Size
169KB
MD5
1b8bb729ea50f3693ab40f7d666dd989
SHA1
12806d2409ee1842ab8b8cfcedc5b7f94605000c
SHA256
21a4526681f542f3066046ac15cf21e2d5e9d49314df6b742be7b46d67f8f0a7
SHA512
f5d982a58ae70d5ff6aa767895dc2a4280ae3bfa0777f72d020736ed59be72bb48c05c3c77879fa124cd964635db3573ea768e4501e0b126388e4646fa7434fa
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory