General
Target
bbwsnzse
Size
134KB
Sample
220522-fzpzxsahaq
MD5
b239675c09b6095367ded732a1259e93
SHA1
15162071221210983a8bcd5fcf61524edd551f80
SHA256
f351e1457d7673a650544a0130b943fc10aba1ee461e398687a2d85fabb79129
SHA512
3418304703b8f5e968310f2d90a22eba15eb454efd64456a4e0a622a188358befc3389acd05e3168b63d21a3775188d0375d2910a1b49117d990f6f3c9db08a0
Static task
static1
Behavioral task
behavioral1
Sample
bbwsnzse.docm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
bbwsnzse.docm
Resource
win10v2004-20220414-en
Malware Config
Extracted
Targets
Target
bbwsnzse
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory