General
-
Target
cnewqstk
-
Size
183KB
-
Sample
220522-f1tz9sahfl
-
MD5
13fca40dc4820dc73c751e70130201f7
-
SHA1
3edaa4017e9f54561bafb3b2e5406e666e271146
-
SHA256
b9867ead986e6afb8337409a0b509cac26e3d383deb83f38f1cfcde8eaf3ab01
-
SHA512
fc9ca9a0b1b6ca19f41ae506e85f17b0e05e5dd6b80641e130274e219b02a91aeac7f718db1f4804c81c17e830e1ca67a2f59384d8df5e412ad76c3592c4b23b
Static task
static1
Behavioral task
behavioral1
Sample
cnewqstk.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
cnewqstk.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://aci.serabd.com/gt7pie/WMq/
http://acainacumbuca.com.br/protected-disk/x/
http://airmaxx.rs/available-zone/UFxfTGg/
http://labersa.com/preview/atbFjM/
http://agenciaetalk.com/common-zone/uF5x3RF/
http://brizboy.com/site/WrrdOMS/
http://clutchinc.net/image/1/
Targets
-
-
Target
cnewqstk
-
Size
183KB
-
MD5
13fca40dc4820dc73c751e70130201f7
-
SHA1
3edaa4017e9f54561bafb3b2e5406e666e271146
-
SHA256
b9867ead986e6afb8337409a0b509cac26e3d383deb83f38f1cfcde8eaf3ab01
-
SHA512
fc9ca9a0b1b6ca19f41ae506e85f17b0e05e5dd6b80641e130274e219b02a91aeac7f718db1f4804c81c17e830e1ca67a2f59384d8df5e412ad76c3592c4b23b
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-