General
-
Target
01c54922f20b727785674251e450eb1e69aaa8289f0560d550edcbd785f9bea0
-
Size
118KB
-
Sample
220521-esfbgacgdr
-
MD5
e6853d39f8565fd9014a0cc0c7d6731b
-
SHA1
d1bcfcf9818f58b389f402f534d6eb18991d6e87
-
SHA256
01c54922f20b727785674251e450eb1e69aaa8289f0560d550edcbd785f9bea0
-
SHA512
dd1e448f3667cf30ca93ffd6f529b1002ee9d7fb2ffb95f6188e107e5df024db954c232ea0740f38e2f1e667a95aedd46b3a4bb14871ae55b4593ac3b416ee12
Static task
static1
Behavioral task
behavioral1
Sample
sample.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
sample.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
-
Target
sample
-
Size
250KB
-
MD5
5beff240d2fdcb9b7f5964c013149f9a
-
SHA1
26f56d6baaad284586fe09dbad117d79089a097a
-
SHA256
56dcff4ecd45c2746400befa109c1dae9cb935164fba6744f71387ad5cfdbe80
-
SHA512
e00c03d76f22f94762646f02770089ae8c32031d12607f46964cfc02176b570b5c0c2c2bd9c3a84223ce97b5fc936c37a02206f0bfb3f85236d70a3f5171aae1
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-