General
-
Target
567b7fe91330078fd3ba9e0f152203bb4e8edf5af0d43dd09deb7273cff24b39
-
Size
93KB
-
Sample
220521-pel7zaadbj
-
MD5
674d7910c1ee176de0e24fd0179d83ab
-
SHA1
ff11c4281f065fa38d91e606a5e294d7fd8e312d
-
SHA256
567b7fe91330078fd3ba9e0f152203bb4e8edf5af0d43dd09deb7273cff24b39
-
SHA512
3825964d5a19453885e521c8e79cfc086b253bbbef34467abf94bc7044cb3c89409bcdae1313ba01ab109a60961abaa960a41e3d963f45531d377186994a94b6
Static task
static1
Behavioral task
behavioral1
Sample
567b7fe91330078fd3ba9e0f152203bb4e8edf5af0d43dd09deb7273cff24b39.docm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
567b7fe91330078fd3ba9e0f152203bb4e8edf5af0d43dd09deb7273cff24b39.docm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://62.108.35.26/generator.php
Targets
-
-
Target
567b7fe91330078fd3ba9e0f152203bb4e8edf5af0d43dd09deb7273cff24b39
-
Size
93KB
-
MD5
674d7910c1ee176de0e24fd0179d83ab
-
SHA1
ff11c4281f065fa38d91e606a5e294d7fd8e312d
-
SHA256
567b7fe91330078fd3ba9e0f152203bb4e8edf5af0d43dd09deb7273cff24b39
-
SHA512
3825964d5a19453885e521c8e79cfc086b253bbbef34467abf94bc7044cb3c89409bcdae1313ba01ab109a60961abaa960a41e3d963f45531d377186994a94b6
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-