General
-
Target
94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618
-
Size
155KB
-
Sample
220731-kcm92ahbhk
-
MD5
3d0805bb03b8caac44c23db4ed76b5b6
-
SHA1
e35a8776ad6e02f2920cac3b55f62a9cf5f516c2
-
SHA256
94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618
-
SHA512
e6d86520cfcaa999a3c9dde12f11721354fcb35a26f00a4b702db2671aa52479dcf51a05558a5ae17c9cb224c466a103d114a14e28e50f3d929df7844097902f
Behavioral task
behavioral1
Sample
94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618.doc
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618.doc
Resource
win10v2004-20220721-en
Malware Config
Extracted
Targets
-
-
Target
94175f6404af2c6de995aa6f8f37bdb2faeafe5f952297b6f13c3052cefcb618
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-