General
-
Target
69092f47040afbfa9410f6010b79822dab206f165ea0e2d273ac5869cb116a2b
-
Size
881KB
-
Sample
221119-31g22agb97
-
MD5
417f9de75857326b81787fb2107e4c28
-
SHA1
c316259ffa844b93d577231c82bce96a4cac0033
-
SHA256
69092f47040afbfa9410f6010b79822dab206f165ea0e2d273ac5869cb116a2b
-
SHA512
ca269e3accbcead72e21081d79137045244dc0c31a3932e6df56a3e422aa5ec0940d025d8e0bb2ecd85c99796f8c672b81aee2d3278423f90ffa0c193512e070
-
SSDEEP
12288:vzLbZBySrSlNGixFugJjhkaYlaGzBZzfnTJsCrS8XPA/805Lu:LZBYv/Jjl6ZFNSA
Static task
static1
Behavioral task
behavioral1
Sample
69092f47040afbfa9410f6010b79822dab206f165ea0e2d273ac5869cb116a2b.xls
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
69092f47040afbfa9410f6010b79822dab206f165ea0e2d273ac5869cb116a2b.xls
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
69092f47040afbfa9410f6010b79822dab206f165ea0e2d273ac5869cb116a2b
-
Size
881KB
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Office macro that triggers on suspicious action
Office document macro which triggers in special circumstances - often malicious.
-
Adds Run key to start application
-
Drops file in System32 directory
-