General
-
Target
Cybermesa_Electronic_form_Dt_05.19.2022_US.xls
-
Size
80KB
-
Sample
220521-cphajsecc8
-
MD5
3860f9ae3ac20b34505cd0783dae29a0
-
SHA1
5173d04e3eec3e6300e099cb45e11d75e94cd566
-
SHA256
182a584e336ad66f0013091d4958702c4abc83f3d02156d535c24410c57ba484
-
SHA512
40dd7f750bf1cf3a18ab93797c36506a4ee057b8b95b617133e2f892e68fc4acdf0e81c4883e753d5c56323314d162c9bdfd48c1b224fdb0d279fd4a8d8e4061
Behavioral task
behavioral1
Sample
Cybermesa_Electronic_form_Dt_05.19.2022_US.xls
Resource
win10-20220414-en
Malware Config
Extracted
https://nandonikwebdesign.com/OWs/
https://gelish.com/email-hog/YXaPiWbFMKT/
http://nutensport-wezep.nl/wp-includes/QyezZmBmTL8AulMVv0oh/
http://omeryener.com.tr/wp-admin/oakwcoWufii0JR89G/
Targets
Target
Cybermesa_Electronic_form_Dt_05.19.2022_US.xls
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-