General
Target
a9b30a4e5558ef394952238bfb1df83df07e75bae465f87fd4f9792a2794a288
Size
98KB
Sample
220520-z9pxfsggfq
MD5
f4763be72ded4953d3407c8e6a23b3f9
SHA1
9ccc69336b32f27e17935c2689c0a212031bf2b7
SHA256
a9b30a4e5558ef394952238bfb1df83df07e75bae465f87fd4f9792a2794a288
SHA512
9c8de2146f63b2656e48612a78cf01d6fc75a61903864080211c79ab6eea185636016eb93557441e5ece0bc628d1a65b9c3cdf22583bd89a7a7ecc2d7e614189
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
Size
169KB
MD5
ab310a6fa9e577168202728f5b50aebf
SHA1
fcf9d22d6390f0f59e78af0fe71752064c471619
SHA256
a2c4d99f84b10b57c46b0bd1ea0fdd817fbaec3ca977b5b71f62b8ad2896f3d7
SHA512
bd3cff2f91f0690656ba541df8b112aba867442335184c689caf72bf31ac18faf98b2dccdd2d33c74437df6d44dbb9cb10b54da217a3224ea849abf1a74e915b
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory