General
-
Target
BASF Purchase Order.doc
-
Size
75KB
-
Sample
240603-kw4q5ahf2y
-
MD5
79b8cf99303217fe4f267ba133e54c1e
-
SHA1
32b19642fd76fb71c64bf73cd2ff5bb993a6c0a5
-
SHA256
3a332f1b11c8801f0197a99e8a6984c0fe2cafa0a68d75d4779b9e9e875d55e8
-
SHA512
9e75bdc1ffb067e6d7fcf6be16c6cafc62fabc99d2d777f8a6fda94866a8cd44660b136d2c92f1a6408fc8815eb023bdbe363c3b721e25cb7258995017bb9d56
-
SSDEEP
768:owAbZSibMX9gRWjTMd2cLJpRXUx78Fl3lqrfQD:owAlRPd2cLJpprFl3QrE
Static task
static1
Behavioral task
behavioral1
Sample
BASF Purchase Order.rtf
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
BASF Purchase Order.rtf
Resource
win10v2004-20240426-en
Malware Config
Targets
-
-
Target
BASF Purchase Order.doc
-
Size
75KB
-
MD5
79b8cf99303217fe4f267ba133e54c1e
-
SHA1
32b19642fd76fb71c64bf73cd2ff5bb993a6c0a5
-
SHA256
3a332f1b11c8801f0197a99e8a6984c0fe2cafa0a68d75d4779b9e9e875d55e8
-
SHA512
9e75bdc1ffb067e6d7fcf6be16c6cafc62fabc99d2d777f8a6fda94866a8cd44660b136d2c92f1a6408fc8815eb023bdbe363c3b721e25cb7258995017bb9d56
-
SSDEEP
768:owAbZSibMX9gRWjTMd2cLJpRXUx78Fl3lqrfQD:owAlRPd2cLJpprFl3QrE
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Suspicious use of SetThreadContext
-