General
-
Target
cjoohcvf
-
Size
231KB
-
Sample
220522-f1rvxaffa5
-
MD5
cce340ce6ad8a105036d929ac967edd4
-
SHA1
19180a3aad79986006c09d18c9fed1f4c6157003
-
SHA256
62cc3eedb06b43f8a3e286b0a9f04cbf36fe240a532b217d91950ea20fa0ba9c
-
SHA512
065614fa2e9e1fef4e0f4ff823a2e9b4935d2c3c2479da1f3dfe086866e27bf29c990557c9eddf839f0de55ed9e7734414358b9d88b3301f482514a1e0b05f6b
Static task
static1
Behavioral task
behavioral1
Sample
cjoohcvf.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cjoohcvf.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
-
-
Target
cjoohcvf
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-