General
-
Target
ID-191304203986.docm
-
Size
44KB
-
Sample
230920-3yrhpabc6y
-
MD5
8c498f9e6dd65c5a9704208922224661
-
SHA1
1dc2f872c2e23e1eb0c6090909c5807553ad1e75
-
SHA256
38f581881093c044667d565a698aa389f14585a58d5c8b692dc2be851293f1c2
-
SHA512
b6a5eceef6739421ed2f0f6a479df496ecb1894b7694651b24a50689d663b1d7f1b1bf58c2edacf6a2fa59908a58f25cd00e389765871cb1856acb3431bcca50
-
SSDEEP
768:T6D/hwDg0kIo+rQGtBMIYta9l87miNPZjinjUeipoRkqk:T6D/u801rQIBMNg86AB+njUpoqqk
Static task
static1
Behavioral task
behavioral1
Sample
ID-191304203986.docm
Resource
win7-20230831-en
Malware Config
Extracted
http://black-sun-a335.asyorfplmnv.workers.dev/mnwODBptK6jU/zKJFnbnzeum8/37d4fddb6bf2de6611c6655a5cd37972fc33642d/ace.jpg
Extracted
http://black-sun-a335.asyorfplmnv.workers.dev/mnwODBptK6jU/T2qomNwfFUeS/62f331959dde379b2536caed26a74ae8460c0c30/all.png
Extracted
http://black-sun-a335.asyorfplmnv.workers.dev/mnwODBptK6jU/5hwtrLyyHFiv/7b0985c861986ec9e2087ade8273e544009d68e1/SsdxxIp8DqeQ.jpg
Targets
-
-
Target
ID-191304203986.docm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Stops running service(s)
-
Loads dropped DLL
-
Modifies file permissions
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-