General
Target
f351b45dca909ae305f9b2c0b4ea93b34a3e0a7ee7af98f541d9ce8e170314d7
Size
121KB
Sample
220521-eskwyscgep
MD5
e7af5171e46dac5391b4e8ef4a8b8a6b
SHA1
42c349b38875bd353ce9f15fc2ccd306c9eb2703
SHA256
f351b45dca909ae305f9b2c0b4ea93b34a3e0a7ee7af98f541d9ce8e170314d7
SHA512
f57a95348d40936db1ea40ca7f36e900565cba8e220cffb4ee11de503c746df71c71e43ac7c81cac727e192574ce6aafcdb96c0a050d29aee586b4d111ca253d
Static task
static1
Behavioral task
behavioral1
Sample
cuenta de cobro.docm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cuenta de cobro.docm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://37.59.90.90/dard/systen.exe
Targets
Target
cuenta de cobro.docm
Size
146KB
MD5
65176316a898742993c5d97f22c5c3c1
SHA1
bde7f705958036438ccc1f4b2f483324e2d3a61b
SHA256
42ef90cd86cbc255c937743dc9207f7d16b95bc3e178b6bdd5e7299847320f62
SHA512
2f72c44d442fbb8398b2621586388767fbb3333e00758e67f64dcacf2c4a43d361011f5cb02825e04f7f8f44fa200828789b60b231d789458902e227ff29aa41
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request