General
Target: 6fc9cffa9081fc09086d199c892c0f9f0cc16077ea135d7348208db0ce906333.doc
Size: 140KB
Sample: 240529-bx49lsdg78
MD5: 6d5b3b6f2e941f32dd08d2de21b77bb5
SHA1: e82a055e52720d61108ac0ede59f0d36fc44eecb
SHA256: 6fc9cffa9081fc09086d199c892c0f9f0cc16077ea135d7348208db0ce906333
SHA512: 97853ff82ba2226060fa01eb24d2c09a4e065b67c60f79a082d2ad4d9d828459063f11cba2e07e7a85d2aaa855d89503edc56247b86a5adf566599d9de0ad2e3
SSDEEP: 768:zwAbZSibMX9gRWjtwAbZSibMX9gRWjtwAbZSibMX9gRWj9lSFcmEaWOVsAln7+yM:zwAlRkwAlRkwAlRKsFXqOVsaGxkhI
Static task: static1
Behavioral task: behavioral1
  Sample: 6fc9cffa9081fc09086d199c892c0f9f0cc16077ea135d7348208db0ce906333.rtf
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: 6fc9cffa9081fc09086d199c892c0f9f0cc16077ea135d7348208db0ce906333.rtf
  Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 6fc9cffa9081fc09086d199c892c0f9f0cc16077ea135d7348208db0ce906333.doc (140KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Drops file in System32 directory
- Suspicious use of SetThreadContext