General
Target: DOCUMENTO DE EJEMPLO -.docm
Size: 76KB
Sample: 230330-lkbrmsca32
MD5: ffc30716b9d1a573c91baecc7c78dd11
SHA1: e0bd9f5b1e8360778466f6e66a8f1b5104dae1ea
SHA256: 36efb55ec131f10035c95424d1352b564989af80d8a8a8580434a6528e2bc6e9
SHA512: dfc3df6ea5191b38eb2f2d524d4374ad1eca7225a0ec9f6f165caf54436c2359b241e6262d845a33b4cfe8596bece076527f4dd3529f3838acfccf2f6477bd30
SSDEEP: 1536:ZoRFzjY13RQIcS1TIF0Ide4Pyc7orwTUSfxouET8j:eRZc8ATIF0Ide4PyZSfX
Behavioral task: behavioral1
Sample: DOCUMENTO DE EJEMPLO -.docm
Resource: win7-20230220-es
Behavioral task: behavioral2
Sample: DOCUMENTO DE EJEMPLO -.docm
Resource: win10v2004-20230220-es
Malware Config
Extracted
http://192.168.0.109/Invoke-PowerShellTcp.ps1
Targets
Target: DOCUMENTO DE EJEMPLO -.docm
Size: 76KB
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.