General
-
Target
baddoc.doc
-
Size
62KB
-
Sample
230130-2fz7fada93
-
MD5
a3b613d128aace09241504e8acc678c2
-
SHA1
edde71ccadfad1380b881da5ecafc77fba5885b8
-
SHA256
8b92c23b29422131acc150fa1ebac67e1b0b0f8cfc1b727805b842a88de447de
-
SHA512
cef74b5b9fb3c4dba72650401dfe31b059db239a3248e1c9b91ab7f95907080d1b6258b32e4817184540129339f60c95f4e9e991d115e8414aea3b108eaf8dec
-
SSDEEP
768:+0MGUUTYQin+b4C7UqCVuO1BtWmxzdrZUIdjXgAmxZp2j5s2p:+0MGUUTYQic8qS1XndrZf8pMV
Behavioral task
behavioral1
Sample
baddoc.doc
Resource
win7-20220901-es
Behavioral task
behavioral2
Sample
baddoc.doc
Resource
win10v2004-20220812-es
Malware Config
Extracted
http://91.220.131.44/upd/install.exe
Targets
-
-
Target
baddoc.doc
-
Size
62KB
-
MD5
a3b613d128aace09241504e8acc678c2
-
SHA1
edde71ccadfad1380b881da5ecafc77fba5885b8
-
SHA256
8b92c23b29422131acc150fa1ebac67e1b0b0f8cfc1b727805b842a88de447de
-
SHA512
cef74b5b9fb3c4dba72650401dfe31b059db239a3248e1c9b91ab7f95907080d1b6258b32e4817184540129339f60c95f4e9e991d115e8414aea3b108eaf8dec
-
SSDEEP
768:+0MGUUTYQin+b4C7UqCVuO1BtWmxzdrZUIdjXgAmxZp2j5s2p:+0MGUUTYQic8qS1XndrZf8pMV
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-