General
Target: ac0ade2117c3b78427ea14d30f0f5b7630e54ecf37aeea66289da4dfbbdc6a96
Size: 98KB
Sample: 220520-z8x7fadfb5
MD5: f5f71f268b90ff8b24a417813efd3bba
SHA1: 8bacb31bdd85b29293842f2e2dcd14e7f2913fc5
SHA256: ac0ade2117c3b78427ea14d30f0f5b7630e54ecf37aeea66289da4dfbbdc6a96
SHA512: 0e27145854e4459bbdd974973fdc86c7cbb0d301d016345bee259c5286f0891f82b9af455c2e3bffe4254e92ffdc8101f63e62bdfa7f3b3f755806997746b3ee
Static task: static1
Behavioral task: behavioral1
Sample: sample.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: sample.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
Targets
Target: sample
Size: 169KB
MD5: 81470c1813e6f173ad2af394725001bd
SHA1: 3bb4cc7ec0e4a7aba475065341dcd26fb17230c7
SHA256: 5293588efc9ab0d7fb9777c0bf75ed1974bcc07364bd907aa5ff69b13de3aa46
SHA512: 11a027f3259ca9b444e004204e490059ef83ea122dcc9c828371888051b8b1303911f5cac9c7b30c3c903478b9fca5322cec93eabf026ac768de39cd1c097d47
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory