General
Target: reservas.ppam
Size: 16KB
Sample: 240224-kpvvmseh84
MD5: 5e6c2b4b6bae7269c8127ae4368f0178
SHA1: 29299b7437a5225885af5c152c17955adba89511
SHA256: b402239273ce6dbd40ac5087661d66176092a6f848fd521eea1ed2ad6012672c
SHA512: fbf55d29917b5610ed0e95ba6bd7bad6beb08dd5eecb1c71848746fa387e30e2b9b2f0b952517249d9b2092d526fc8c7eb288a398b4319069529f94c69c6e71a
SSDEEP: 384:dXPz8GKfDSmH+V6WMxj7mV+ZOA9B0+6lZFUADrbA:VPoGKbSmHYCZOuB0+6vHY
Static task: static1
Behavioral task: behavioral1
Sample: reservas.ppam
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: reservas.ppam
Resource: win10v2004-20240221-en
Malware Config
Extracted
revengerat
NyanCatRevenge
brasil.ddns.com.br:333
5e241e476b334640a2f
Targets
Target: reservas.ppam
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Suspicious use of SetThreadContext