General
Target: 601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
Size: 187KB
Sample: 221125-k45ndsag7s
MD5: fd0c0ac454f459acc1cd124fd097740a
SHA1: 741cb7d37dbb4ca805174a194dbf9eb4f51ad727
SHA256: 601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
SHA512: 3322095ab7ac72b5de7a531ef85637892fe1f7cf62c65f1179d7abb7d38070c06e0e14236e6db0093ba4662f84d936e232a17ebe4bb2d11ba57b84ca0d3983c2
SSDEEP: 3072:w77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qgKFCS0JKoVqP4dLQitFzhgDhCR:w77HUUUUUUUUUUUUUUUUUUUT52VNS0J5
Behavioral task: behavioral1
Sample: 601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3.doc
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3.doc
Resource: win10v2004-20220812-en
Malware Config
Extracted
http://ingenla.com/wp-content/XA_fj/
http://ises.com.pl/wp-admin/n2_df/
http://hicast.tn/wp-includes/8_X/
https://jcci-card.vn/wp-includes/O_R8/
http://appcost.win/noerk24jt/m_c/
Targets
Target
601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory