General
-
Target
dbvnmjhk
-
Size
176KB
-
Sample
220522-f2gfkabaaj
-
MD5
8a7c7754300dab0670eaf86357a5463d
-
SHA1
6feb3edf05a2170772cdaef20d76b7e8e07c7b81
-
SHA256
e9325a711e0f6f605b85898c5b507d4320e1f1dc672c68172b06cda359b5107e
-
SHA512
3075f82c4530f5b9681c5b4979faf04fee0f82af288556c97b3e534abdac8290937af2f6e915f49625f9c0b4f6375b565eb9ef8aacb548ea0a29068ecad51eb2
Static task
static1
Behavioral task
behavioral1
Sample
dbvnmjhk.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
dbvnmjhk.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
https://santyago.org/wp-content/0mcYS6/
http://dandyair.com/font-awesome/rOOAL/
https://www.tekadbatam.com/wp-content/AUiw/
http://kellymorganscience.com/wp-content/SCsWM/
https://tewoerd.eu/img/DALSKE/
http://mediainmedia.com/plugin_opencart2.3-master/Atye/
http://nuwagi.com/old/XLGjc/
Targets
-
-
Target
dbvnmjhk
-
Size
176KB
-
MD5
8a7c7754300dab0670eaf86357a5463d
-
SHA1
6feb3edf05a2170772cdaef20d76b7e8e07c7b81
-
SHA256
e9325a711e0f6f605b85898c5b507d4320e1f1dc672c68172b06cda359b5107e
-
SHA512
3075f82c4530f5b9681c5b4979faf04fee0f82af288556c97b3e534abdac8290937af2f6e915f49625f9c0b4f6375b565eb9ef8aacb548ea0a29068ecad51eb2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-