General
Target
9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d
Size
126KB
Sample
221128-t99c7sdg8z
MD5
7f63dcb886bd5b8660e8c4739083dae6
SHA1
aad3fa063865cbd4146883a6a921ec3133d94398
SHA256
9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d
SHA512
97d2715b2517b28700c8a9cf9fcb1a45e6c208c251f31e10e4a47804dd89399da6a6f751f6b31c0a6b1e616f1110c1ff3f5fa042f67825615a01fe3dd2244030
SSDEEP
1536:WdKcpx2Sk/8E3NEN1vn5jG685uUDf44fAg:4AxdEzvn5jb8cU
Behavioral task
behavioral1
Sample
9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://85.143.166.190/asdvx/fghs.php
Targets
Target
9afa90370cfd217ae1ec36e752a393537878a2f3b5f9159f61690e7790904b0d
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.