General
-
Target
1f9b7faf1e8049b82734ef3caa14a560aebcd027679db1c16482f5e25b8a6e4d
-
Size
263KB
-
Sample
221125-xn7h9sbf2s
-
MD5
b638cc21d05316ae407500e2f0777bfc
-
SHA1
b40550fab16f392e9cdacf444e5ccea82d0c8aa3
-
SHA256
1f9b7faf1e8049b82734ef3caa14a560aebcd027679db1c16482f5e25b8a6e4d
-
SHA512
65060ddd8073c8e915079cb53a8ac4bb0e431dadaba3999f80ebffa08134e089f79531604e57ce99f702e48a221608d258ed27eef566f0a8cc35c72af2b6554e
-
SSDEEP
6144:75ro+54uoqIj6XUEImVw/P67vRfCpGAZrkOCakKZgW9ef9g+9f9kHMiVP:u+5JSZiy/P6JC4Wgf9fq
Malware Config
Targets
-
-
Target
1f9b7faf1e8049b82734ef3caa14a560aebcd027679db1c16482f5e25b8a6e4d
-
Size
263KB
-
MD5
b638cc21d05316ae407500e2f0777bfc
-
SHA1
b40550fab16f392e9cdacf444e5ccea82d0c8aa3
-
SHA256
1f9b7faf1e8049b82734ef3caa14a560aebcd027679db1c16482f5e25b8a6e4d
-
SHA512
65060ddd8073c8e915079cb53a8ac4bb0e431dadaba3999f80ebffa08134e089f79531604e57ce99f702e48a221608d258ed27eef566f0a8cc35c72af2b6554e
-
SSDEEP
6144:75ro+54uoqIj6XUEImVw/P67vRfCpGAZrkOCakKZgW9ef9g+9f9kHMiVP:u+5JSZiy/P6JC4Wgf9fq
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Office macro that triggers on suspicious action
Office document macro which triggers in special circumstances - often malicious.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Suspicious Office macro
Office document equipped with 4.0 macros.
-
Adds Run key to start application
-
Drops file in System32 directory
-