General
-
Target
buodkffr
-
Size
230KB
-
Sample
220522-fz9z4afeg6
-
MD5
c3aaec6a39763f3584c9dcb5cd52a2bb
-
SHA1
5ddd7c6a1bf2d14275d05c75e7f4c1b656fdd401
-
SHA256
98d32a982e82317e6e164544ad927cc3cf845e4276795e7ce6e2dc9ebb297724
-
SHA512
8796ddf831f83f1cf0d6ebfd83bafb939835570f9f584297320d95eeaf48ed220c1128a33ca1ed994e6c92492c303b3ba6da86acd341b0b67e66f672f1b0c9e5
Static task
static1
Behavioral task
behavioral1
Sample
buodkffr.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
buodkffr.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
-
Target
buodkffr
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-