General
Target: 84dbeb770a728c415340d4ed6b8fd9fd66ca706e312464f1b68edd9fdf0aa0db
Size: 36KB
Sample: 221128-xhb56sgg42
MD5: 4d41aa8d48ebe4058400414209661ce1
SHA1: d4bb81ee3cd28bf2d7f2bebeb3abcfb010a40a40
SHA256: 84dbeb770a728c415340d4ed6b8fd9fd66ca706e312464f1b68edd9fdf0aa0db
SHA512: 207cb9feb0bf381df043f896983a1cceb50d51276c0883e7586a26932bd4a137efbc00776e08dff3ed97a403ae160595ca9eb65bba09b694b6c33570be123da2
SSDEEP: 768:c6v3MYE5yrGJKqKcDZb+vgSGf4fKnUXXr6ffGxuH5l6:c6v8i0KDOjnm6ffGU5l6
Behavioral task: behavioral1
Sample: 84dbeb770a728c415340d4ed6b8fd9fd66ca706e312464f1b68edd9fdf0aa0db.docm
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 84dbeb770a728c415340d4ed6b8fd9fd66ca706e312464f1b68edd9fdf0aa0db.docm
Resource: win10v2004-20220901-en
Malware Config
Extracted
http://91.220.131.114/upd/install.exe
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.