General
Target
SecuriteInfo.com.Exploit.Siggen3.17149.13096.30954
Size
38KB
Sample
220816-jlyxfsebhl
MD5
533a8fcd1f64d3ea05629945f9700ac3
SHA1
e5ae13e4e8d5dd211fcabfd3f1e56c0840591235
SHA256
7992c0f6155900ff20b80177a0570a5414ba65927a43edaf42aa6cfe126ed030
SHA512
9a47144a7f56a0d3eff175488502db7643df9cad59e47b1871fda29342e7c09c0fc39b132d8e6a154a16614d6abe3b1966a54c7b05bda7b41e9306a0d070732f
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen3.17149.13096.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen3.17149.13096.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://facextrade.com.br/wp-includes/certificates/4.txt
Targets
Target
SecuriteInfo.com.Exploit.Siggen3.17149.13096.30954
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request