General
Target: 71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe
Size: 508KB
Sample: 220605-h7hlxsdbdp
MD5: ef267ca731b0a1ba54dec692a3be199f
SHA1: 04913b97d707bd6ad6008f004fcc82f8bcc9c720
SHA256: e2a37fcb753fa41eb96311ec4017469ed6a7123171275b8b1812c28ac61bfff3
SHA512: 8e6fe551197fd52118683140a3c732584be30855a52b0904901a258f03e3a2a1d4b005a8aaa67c48845f167d64f7fcef119b3ccb6006538fafcdb5b5696c29aa
Static task: static1
Behavioral task: behavioral1
Sample: 71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
trickbot
2000011
ono82
autorunName:pwgrab
Targets
Target: 71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe.doc
Size: 1.2MB
MD5: a6e6fddbc42409c5a0a3dee8e84d6f2a
SHA1: 6e0a27833a3d429a98b887e575263b05f3665e61
SHA256: 71412027c3b5c6b27d4d22b43dd073bca949af7b5731d7f44c2f9406801d13fe
SHA512: e560cf9b4b992c16beacb8d66418306364c5f8aef9279df15bf048f8d7740937d12185f98152f5e729cbc7c3c600fca97123f64ef48602b409d27ee6595a1c1a
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Loads dropped DLL