General
Target
b10b44c5cd6bdf18bd43111fd8bbcc8c5d0ecdc1ba2709dcf3e3ab22bc6e4444
Size
98KB
Sample
220520-z74mtsdfa2
MD5
1c21c6f79cef31e185f99751ed74e99c
SHA1
06c0f60640f5ab6cef690400daff3751426d2ab7
SHA256
b10b44c5cd6bdf18bd43111fd8bbcc8c5d0ecdc1ba2709dcf3e3ab22bc6e4444
SHA512
5cf723082037605271fb616bee31121065028c2c0c7a4224f54daa74a21d341f845bd62c91bbb0145ca76c8647addb787b2b1d808d7c63c026967eef7ab58591
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
Size
169KB
MD5
e970052c14a7578c20c793f7b248ab29
SHA1
a2deb56280b70d336680d9900f7d933e8a633e74
SHA256
b84c418f6707648b81953a4e360dd80ab7594a32e6e45c94477cc771cfc27337
SHA512
e40c13a6ecdaa8884780bc8dcf2b6d36728efa8e083f313823f87de9bdb6aae30370e477208cb61648bca4f88c06a844f837e8ca69dd8ea16367c7d64bf944b6
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory