General
Target
fvmnoedv
Size
225KB
Sample
220522-f4nbwsbbaj
MD5
573d8faaeec1daf286fcb2561dccaeae
SHA1
e2d1331e2b7f36b14879f79e2bcd50b872a3465f
SHA256
b6cadd34a5aee93bc88d830b2543b9adb3af8ddbd8bae4b99b03d4ec23c03ffc
SHA512
4e11a0402bb0a47a4c829910bf3364231a151825faf4b35960902c71cfd93997a72c459dd06917a46e4296b2e178dad25055071f014a925cea0db6c14f0cb1af
Static task
static1
Behavioral task
behavioral1
Sample
fvmnoedv.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
fvmnoedv.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://fabfastfashion.com/hebes1/ppzXffY7My/
http://soarflix.com/arcmulti/nA5T0999/
http://cloudcertitude.com/mail/Ord4990/
https://fzweiming.com/wp-content/Mz2592/
http://billingup.com/wp-admin/MfFw298/
Targets
Target
fvmnoedv
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory