General
-
Target
hcfmjfsu
-
Size
183KB
-
Sample
220522-f5qhmsfgg9
-
MD5
b66d8fe119418a8a69d1276b36eb2fc0
-
SHA1
4b921043d94136bca5d42ad98a1b7e962a5b9af1
-
SHA256
768f3c029cc79ae21d7c732487da93f0e8c7d19a83737f9ce7e107e3adc9054c
-
SHA512
05c0872774d550fb5450c91ddec5ee4dc9c61cad79fa9c2980b1b6e0996d315c147fcb4331a6a841bc730d05a047411f1eeda274c32edd491547e866f6cdac07
Static task
static1
Behavioral task
behavioral1
Sample
hcfmjfsu.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
hcfmjfsu.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://superiorsurfacings.com/pc-not-qgtje/j8T3S/
http://tenrougroup.com/j/Hb7Wf/
http://syokmelaram.com/wp-includes/e1/
http://advokatemelyanov.ru/administrator/OMHpK/
http://mumglobal.com/content/DF0/
http://mvldesign.ca/Durani/2lZs/
https://eytsoft.com/css/Q2k/
Targets
-
-
Target
hcfmjfsu
-
Size
183KB
-
MD5
b66d8fe119418a8a69d1276b36eb2fc0
-
SHA1
4b921043d94136bca5d42ad98a1b7e962a5b9af1
-
SHA256
768f3c029cc79ae21d7c732487da93f0e8c7d19a83737f9ce7e107e3adc9054c
-
SHA512
05c0872774d550fb5450c91ddec5ee4dc9c61cad79fa9c2980b1b6e0996d315c147fcb4331a6a841bc730d05a047411f1eeda274c32edd491547e866f6cdac07
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-