General
-
Target
?i=1gifleect
-
Size
129KB
-
Sample
220522-f6jfqafhc6
-
MD5
e695d8c6c6db341f12701b4d18dd0d19
-
SHA1
c73f399a25902d8d935e8b6b857ba9203c8536fe
-
SHA256
59cb2552a34b231acb92fcee121b13d662ca7f0049a70aae86fe312270f548e5
-
SHA512
605ba80a24c02cd34763177f1e99d0b74dd6a291623f1433f8f38cf357bd9ab5516c884ee569a5b0ffbc3bdc7645b8274a3428f3fb0f768d5be2a2f4ceaeacb0
Behavioral task
behavioral1
Sample
?i=1gifleect.xls
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
?i=1gifleect.xls
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://185.7.214.7/cc.html
Targets
-
-
Target
?i=1gifleect
-
Size
129KB
-
MD5
e695d8c6c6db341f12701b4d18dd0d19
-
SHA1
c73f399a25902d8d935e8b6b857ba9203c8536fe
-
SHA256
59cb2552a34b231acb92fcee121b13d662ca7f0049a70aae86fe312270f548e5
-
SHA512
605ba80a24c02cd34763177f1e99d0b74dd6a291623f1433f8f38cf357bd9ab5516c884ee569a5b0ffbc3bdc7645b8274a3428f3fb0f768d5be2a2f4ceaeacb0
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-