General
Target
6ccca9c9c6d732d098eac9bb54a6cbf1f276a59b76c73363d5b18efab3bab7ac
Size
37KB
Sample
221125-1jnr5sbh2y
MD5
221c885bd44e336b01308dfd8de97e32
SHA1
1b9fea1b38b09e6997c0e5335361e5fc8659e91a
SHA256
6ccca9c9c6d732d098eac9bb54a6cbf1f276a59b76c73363d5b18efab3bab7ac
SHA512
e24a44cd4ce2da6d2cc4c591d890c2385e92a47342c672ee51789cd72872b80749ef404962d122669e327d14659d9449b629322b9cef2b2db5359878e72c46e2
SSDEEP
768:choE65XrG1gc9nUJuPY5VkJsO1m2pSWen+IJT7sxEexuHkTEB:choNogc9nUwPTJp1SWen+IJTwWeUKEB
Behavioral task
behavioral1
Sample
6ccca9c9c6d732d098eac9bb54a6cbf1f276a59b76c73363d5b18efab3bab7ac.docm
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
6ccca9c9c6d732d098eac9bb54a6cbf1f276a59b76c73363d5b18efab3bab7ac.docm
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://91.220.131.146/upd3/install.exe
Targets
Target
6ccca9c9c6d732d098eac9bb54a6cbf1f276a59b76c73363d5b18efab3bab7ac
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.