General
Target
a8a0665f463877246ddc31c29b19c8eaa07f476ca45bbea24f5365e1867f0adb
Size
98KB
Sample
220520-z9zfwsdfd6
MD5
45834d79984a19cfa753eced08e104a9
SHA1
6d0adcac29d98990c5e4ec3605d1ba60b3e0558f
SHA256
a8a0665f463877246ddc31c29b19c8eaa07f476ca45bbea24f5365e1867f0adb
SHA512
98349589064383c356edb806a0503d6bc17fc9feaacc9a430115030c20c804a8179ffaeb7d3b06d2f564d4f5475d042feeb4e56f003b55408d47b3335571764a
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
sample
Size
169KB
MD5
6fe13f6ba7544793fcd755d645ec0791
SHA1
107c47d1fecf43739ff6608ea6ed296e0fa4872f
SHA256
70d75d5cd67db6987e30cdec0ba5856d4d7acaedba8e771af42a12151b44295c
SHA512
05950247a4cb506ee4d6bfaa74b076d5e95c8d3d103d0173a84a979945c542c010cf13832bec4a0b2a537805cf5737268d03ad48e0daf1fb91a67f2aeb211b49
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory