General
Target
0d6e79a1ce172fd964c9c98a3bc5a94cb5f901e7253f1c2ce14bf30c34747b2a
Size
178KB
Sample
220630-wb9bnagdb6
MD5
c6715d228fa872203c0d2042f2b8a774
SHA1
2a0e970566a85d06c60bc801493e92803bca9f28
SHA256
0d6e79a1ce172fd964c9c98a3bc5a94cb5f901e7253f1c2ce14bf30c34747b2a
SHA512
19ac3d7a633218803ebb129b194f11b2c5cbd90d9473ee82b2295021eead7b4f9c11eb9c6624d2de8ad94976b467d10faf5d80e1f7d1280a56d27498311f5e99
Static task
static1
Behavioral task
behavioral1
Sample
0d6e79a1ce172fd964c9c98a3bc5a94cb5f901e7253f1c2ce14bf30c34747b2a.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
0d6e79a1ce172fd964c9c98a3bc5a94cb5f901e7253f1c2ce14bf30c34747b2a.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
https://ortusbeauty.com/error/tQ_p/
http://mstreet.com.au/wp-includes/S_bZ/
http://www.2996316.com/wp-admin/Mh_Q8/
http://brianmonroney.com/wp-includes/Nb_eL/
http://dermosaglik.com.tr/store/B_B/
Targets
Target
0d6e79a1ce172fd964c9c98a3bc5a94cb5f901e7253f1c2ce14bf30c34747b2a
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory