General
Target
5f21d718976e5fffe61c89827b74a3ceb74054a1bdd1ab1b3dc69a82ec7f4587
Size
142KB
Sample
221125-lpwydagf42
MD5
9d5074f934679791e41df9b1ed245838
SHA1
997f12d773ea4c77906eb1c55dab9191b2820044
SHA256
5f21d718976e5fffe61c89827b74a3ceb74054a1bdd1ab1b3dc69a82ec7f4587
SHA512
ebf07298233ad4731a26bd1bd2a1b9ce69c1a01cc2444f21aadac2bb2229c8e052a4e79dc55566702bff643f7c4d7602c98cf5b5f10ebc7e5e9de31e1c69da84
SSDEEP
3072:A77HUUUUUUUUUUUUUUUUUUUTkOQePu5U8qi+pR4HKInUo05l29d:A77HUUUUUUUUUUUUUUUUUUUT52V0/4Hn
Behavioral task
behavioral1
Sample
5f21d718976e5fffe61c89827b74a3ceb74054a1bdd1ab1b3dc69a82ec7f4587.doc
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
5f21d718976e5fffe61c89827b74a3ceb74054a1bdd1ab1b3dc69a82ec7f4587.doc
Resource
win10v2004-20221111-en
Malware Config
Extracted
http://usuei.com/wp-admin/SKT62W/
http://912graphics.com/wp-includes/JE/
http://actbigger.com/daUeX/
http://webgenie.com/order/Wsc/hi0TV/
http://wasama.org/4n0f0ik/ne/
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory