General
Target: d8a7d0dfb3835974e441cb2bd9af7a13aa323e5de8a29c7e9eecf4632d5ecd04
Size: 374KB
Sample: 220521-d7fp4sbhhr
MD5: c813db2a4fa3bfa781355e32c6ef240c
SHA1: 712d8eb4b27c384e38c0f15eb2660bcf76aa3f1f
SHA256: d8a7d0dfb3835974e441cb2bd9af7a13aa323e5de8a29c7e9eecf4632d5ecd04
SHA512: caa1fc811c4147fb16eba68d11bf8751f4c455438fdec12de7cedbb7a39e3390a43d7c7aad0ea276212158544f640af0398b4df7388dd64ebfabd541ea0b04e8
Static task: static1
Behavioral task: behavioral1
Sample: 13_08_2020_62967988.docm
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 13_08_2020_62967988.docm
Resource: win10v2004-20220414-en
Malware Config
Extracted
Targets
Target: 13_08_2020_62967988.doc
Size: 381KB
MD5: 3d52b1e551984e203f02d9dcbd8e7e8b
SHA1: 369dbac4370c025651892ce036dbfd82fbbb4ef2
SHA256: 37a4488c88924394c225a530ace9dc09a4507d913bea46c49ce14ff43b40f6b8
SHA512: 7ad63084e0c51727866c784b31bf3a77ea68b28b061327b2e8f8e39e6e2834f77aa69a9922294ca362fa5b4b695762e9fa3c28b1bf2584be9611102e21008e53
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Drops file in System32 directory