General
Target: 8412f10e3ca2d4419f4899314d7f7d3c8cd2aa78dd117b82369179a5180a3fa5
Size: 80KB
Sample: 220521-d7llcscaaj
MD5: 04d1a84dd9e9065ca06f97f5748db646
SHA1: 303970e821d2052f066e93994add7777a1925fdc
SHA256: 8412f10e3ca2d4419f4899314d7f7d3c8cd2aa78dd117b82369179a5180a3fa5
SHA512: ad4a836ab9196a6fb14dc4e6375ee87dd62be020a1f360e230fd2ed514986376df40c5a0a32e9adb5ad85e444fd318b25d4814e8470d37d9f73f45f2b724aa05

Static task: static1

Behavioral task: behavioral1
Sample: DieKlage-01092020-1994462004.docm
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: DieKlage-01092020-1994462004.docm
Resource: win10v2004-20220414-en

Malware Config
Extracted
Targets
Target: DieKlage-01092020-1994462004.doc
Size: 90KB
MD5: 09c2efc28d71216d95c49b33f24af6e3
SHA1: b8b3a9a39486c91222494004ef2498e977ad7524
SHA256: 94027e02da7382882c8046e165ba9bdf7b3fc801ecf35ab3f004b1a3fdcc743c
SHA512: be8158bcb2a6adccffd5d5486b0d4c51463df654d017e0ca58466a9d46c9c23a9811200779333d803933c402c8f660200db1e7c5c89796c83e1c4f3ed9ab67a3

Score: 10/10

Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Drops file in System32 directory