General
Target: a86a399a35db3c941f4804533cb5afad882a4827430164754ac7a33a9bd3c9dc
Size: 98KB
Sample: 220520-z94evadfe4
MD5: 73b295791f66bd39ed3064ba9fbf4a9e
SHA1: f1659d93207b0b2180c7fe54af96a79ef166d286
SHA256: a86a399a35db3c941f4804533cb5afad882a4827430164754ac7a33a9bd3c9dc
SHA512: a9fe8071277e2a80228aa12c7035293b62ab54e289621e6bb0593b4f9cfc18453ca77ee8b52d419952b05f0e1d8d1819d644a37a9a7476df7556422c878c005a
Static task: static1
Behavioral task: behavioral1
Sample: sample.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: sample.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
Targets
Target: sample
Size: 169KB
MD5: 632eeff282f84e6c7609a184e9360c76
SHA1: 2df2f8170ff8e0aa05793ba2c118fd4e09c32ded
SHA256: c16d709aa67dd00794256f4f7cbce899ece6f7d22a9964a67237372c08b1ed9f
SHA512: d17230a7667498431db206608a604479a20f13351a800464b92567e1c45d9aed9c943058f6a142cb4723379b54b648d9a112b1380cffa13a2743633a9b595b74
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory