General
Target: suvyhpnw
Size: 169KB
Sample: 220626-gsnnysbdf6
MD5: 9bcd7831593b18eb2fc20abb950776e0
SHA1: 94fce0e45271cd1dc5ff594f886146c88b5bdf75
SHA256: 2e480d827237d7ae78d5b296e18e6a0cd466c5f3e09abf96f8bb53d927c4bab8
SHA512: ce5e923278b315e334274b0b1f9434aaa2851135fb0fb4f147b8e123da1f595e50a70fc47079f8f3c8c5c6a43f9b5b04a5dbf799f29491bb73d716304892dfdc
Static task: static1
Behavioral task: behavioral1
Sample: suvyhpnw.doc
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: suvyhpnw.doc
Resource: win10v2004-20220414-en
Malware Config
Extracted
http://sampling-group.com/J0Eubtq06/
http://www.weddingsday.co.uk/docs/1oYncTNHDu/
http://sasystemsuk.com/recruit/sl979/
http://wellparts.net/cgi-bin/qAj081/
http://volkanakbalik.com/_inc/2W/
Targets
Target: suvyhpnw
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory