General
-
Target
0f309e63c58d55ab0fee1ef2924cf648690e371ed9ae633742555629b219b785
-
Size
80KB
-
Sample
220521-pespraadck
-
MD5
2e80453d3d26670dac68562bb0d974a1
-
SHA1
717232c15b22c6b00c6cfd96466fc365e215cf37
-
SHA256
0f309e63c58d55ab0fee1ef2924cf648690e371ed9ae633742555629b219b785
-
SHA512
af203780a73408d44e43d02182ac10a6c17a207909c734d2f37751fd7556e86f985fb2167cf37e8fdea9a987effee1a506ee46a6eec6c5ed5353774054185174
Static task
static1
Behavioral task
behavioral1
Sample
TTP-US-424730721.docm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
TTP-US-424730721.docm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://62.108.35.164/api.php
Targets
-
Target
TTP-US-424730721.doc
-
Size
89KB
-
MD5
b52f6306e6c5af7bd87fab6f32a937b9
-
SHA1
e7043e9907b332b9039eeb4487959d10e05d2dc0
-
SHA256
cd580936ca0b3f64311194b22355b1eee4148c3a26ca831fea9dda5ca748aba4
-
SHA512
0f5212be7b3294cb4b86e4f884f9b750a056c34ab9d9df040481d2244659ee2c79c084747ed5cf056ae9d4d3d35563b1901dacfbec464a20ea466029916cc9cb
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops file in System32 directory
-