General
Target
107fd6be86b92cd124d49b967f2d1d719305db9f215eb21fcc0c5c65a7dc1e14
Size
241KB
Sample
221130-rzw9sahf38
MD5
5d796b4f80a7c7626db81ad6a55d3018
SHA1
976086afeee4e35ebec99e1b3a7176c9d16a08dc
SHA256
107fd6be86b92cd124d49b967f2d1d719305db9f215eb21fcc0c5c65a7dc1e14
SHA512
671d3921f67c1348b01beab6af5a5619ff6890f6805bfa96ace2f02d5bf22108a1aebb7b6eb3c5d2dde12be72118ff4ecd69daf2a00500824cc727a57b95d97e
SSDEEP
6144:Y77HUUUUUUUUUUUUUUUUUUUT52Vxygud92G1EBoBlf:Y77HUUUUUUUUUUUUUUUUUUUTCs/yeBlf
Behavioral task
behavioral1
Sample
107fd6be86b92cd124d49b967f2d1d719305db9f215eb21fcc0c5c65a7dc1e14.doc
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
107fd6be86b92cd124d49b967f2d1d719305db9f215eb21fcc0c5c65a7dc1e14.doc
Resource
win10v2004-20220901-en
Malware Config
Extracted
Targets
Target
107fd6be86b92cd124d49b967f2d1d719305db9f215eb21fcc0c5c65a7dc1e14
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Drops file in System32 directory