General
-
Target
Detalhes da reserva.ppam
-
Size
18KB
-
Sample
240311-sdvz9sdf81
-
MD5
d9b08507bbed55097f91f61b995f1b81
-
SHA1
a10b28c1cca42bc277f1569feb830c10a501383e
-
SHA256
0fabe8bad86d907040ba52fc7fc59e1626a4ea86bb24baa85a94734b4517fddb
-
SHA512
cf9e1c41fff83c8e851d66ff4baf333b7e12acb99a37c62cf214d06ec5c1ea664e04eb0eb83d8ba206d8ad5a23532d910b48f670678e8238ea70fc9f12ef10b4
-
SSDEEP
384:dXPuMXrXloiGnEnKdyOeTR05MVzZcqsts7uJNFTRVmWJhCxM:VPX+i0EnKdyOMRWAzZWbTfmoCq
Static task
static1
Behavioral task
behavioral1
Sample
Detalhes da reserva.ppam
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Detalhes da reserva.ppam
Resource
win10v2004-20240226-en
Malware Config
Extracted
revengerat
NyanCatRevenge
craxsrat.ddns.com.br:333
27d7e6701f5e
Targets
-
-
Target
Detalhes da reserva.ppam
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Suspicious use of SetThreadContext
-