General
Target
c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf
Size
112KB
Sample
220731-k69ecshef2
MD5
bb7ac1a1873e29db1f7ad69aaf4a8127
SHA1
e7a082ff41d8cc4a09d3f852c46cfb808659b476
SHA256
c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf
SHA512
9bd8f53a8dc5bf852ce2b59f9ab697022679b1d167311c437bb56b6509a6a6c81aafd2092f88ec2e87eca5172fb022224b784d4238200a1cf33eace07ea575dd
Behavioral task
behavioral1
Sample
c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf.doc
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf.doc
Resource
win10v2004-20220721-en
Malware Config
Extracted
http://solvolab.com/sdB
http://kenstones.com/pR
http://benvisuals.com/S2hMkKS
http://www.clinicacirurgiaplasticasp.com.br/Jmz
http://pride.ge/0e40iT
Targets
Target
c131bb851593a57ab89577b5bb927ee4e3cd0c31140a775e871c1463f50d2fbf
Score
10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

An obfuscated cmd.exe command-line is typically used to evade detection.