General
-
Target
d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1
-
Size
162KB
-
Sample
220701-hz14asahf9
-
MD5
ec469b83d15d1579617a3e9b6598c062
-
SHA1
f648aa6fe1134cf1616e83ab953150f2e810952d
-
SHA256
d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1
-
SHA512
8ac5c94344d9fb0f9fc0ceed5e2937c0c7711452a4b3dc76f363df99d08b008c3cf6295d11120e585e319d7bf61f58732653f523abde39a77a9b82c140639a32
Static task
static1
Behavioral task
behavioral1
Sample
d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1.doc
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1.doc
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://chistyshifaclinic.com/administrator/modules/mod_multilangstatus/language/verizon-bill-1.content.exe
http://jaydeemory.com/administrator/components/com_privacy/controllers/verizon-bill-2.content.exe
http://80.211.250.213:8080/es478oVMLwLrqZLe8x90y3c5
Targets
-
-
Target
d8101b2e4f835e485af2454cbf4c1a3cb347cbf77f065932d350af4cbac136a1
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-