General
Target
SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.32608.12463.rtf
Size
1.1MB
Sample
220831-qxc8fsfabl
MD5
067208a716e65c2c5018064d00078ac5
SHA1
f5bd4fba468d7119f3dda5d4e5c9d6b2f3f9ce4b
SHA256
f443d54ed21c034b61c6e71a4f4705f33684d36b5784aa997461a88e99dc5202
SHA512
88c4795df95aec2f5a7a600710a23a033641a568e49e22330d098554f7b980fd87a15e2d41c09ebc4dc881df69f89ed15d92444fb9553051611c81b4f53d421d
SSDEEP
1536:4ch6dtRGWbCtpl5kmrJ//RFxXxBpzB9TBtiBqK8Qf6YXkY0kY0kY92i3e+6fw5bG:QnG
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.32608.12463.rtf
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.32608.12463.rtf
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
SecuriteInfo.com.Exploit.Rtf.Obfuscated.32.32608.12463.rtf
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Suspicious use of NtCreateUserProcessOtherParentProcess
Blocklisted process makes network request
Drops file in System32 directory
Suspicious use of SetThreadContext