General
-
Target
SecuriteInfo.com.Exploit.Siggen3.17149.32408.6328
-
Size
38KB
-
Sample
220816-jly78aebhq
-
MD5
8a7129a4a07eaa7327f08f89baa5a4b0
-
SHA1
11b69fdbb82c42566bf8221bcf4c97b554099917
-
SHA256
790051c9d4abb07eaf104f3946dd8e068e41bbc0f14bdb0b174f75b66b16dd4e
-
SHA512
7184a0fc0b35a451f5035117c5b996205dda982388a12bc05fe0588b1442a3f9bd295e6da25cd4d04dc55f16c4ff3a35008e5f629cd703214f01e85ff54c46ab
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen3.17149.32408.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen3.17149.32408.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://facextrade.com.br/wp-includes/certificates/4.txt
Targets
-
Target
SecuriteInfo.com.Exploit.Siggen3.17149.32408.6328
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-