General
-
Target
56026452a702848eff03a95438026851443790e7be4fa030a2a75a0594421ba1
-
Size
373KB
-
Sample
220521-d7p9jscaal
-
MD5
6e776bb6aa29e1112192d668b85b766c
-
SHA1
a1ef374282b2cd2f7cd90cd6e2b5aaeada57ce46
-
SHA256
56026452a702848eff03a95438026851443790e7be4fa030a2a75a0594421ba1
-
SHA512
70a057a0f13b4b92c0ee1bbe1b9e1c21496b94b9d42ca574c5d142f519877e90e2f128ad36007efacbc7dfc4c2bec48c36abc5b2c08d49094d7693ac2eeebbad
Static task
static1
Behavioral task
behavioral1
Sample
2020_1844777494.docm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
2020_1844777494.docm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://werfpop.nl/client.exe
Targets
-
-
Target
2020_1844777494.doc
-
Size
380KB
-
MD5
bbea719b296b81cb70e294246c9d6eae
-
SHA1
d79c7c9a0ddc7d3c7d90eb90f47783e999bb7ebd
-
SHA256
99d22eb3d584f502292d847497713c8db10f7aa9d2b08f5f6da8e690be4f7832
-
SHA512
40d7d306bfc8fad85f82d7f3fe9b5baec403a953178bf8284043afcb136b2356084151ded8f1e5c75aaa480e30a2aad0235adea09fdf4fffb7341d5890c67d17
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Drops file in System32 directory
-