General
-
Target
newthingsareintheonethewaytogetthebackbuttersochbuttersweetnesswithentireoprocessaneedgoodthingstogetme____verynicebuttersmooth.doc
-
Size
88KB
-
Sample
240826-l34kdazbrn
-
MD5
02d3b93c00b013f2eb2754e469cb23e2
-
SHA1
f5851bc2be976e9e68269b46a90deaa0ca8e6c11
-
SHA256
d55b76f0fe17bfad915babdae492f466987ee515f21150b6666fa276aa95774d
-
SHA512
7279328ec46219ac9eec1bc4c881fbaa86ed79eb813bac293d7760a8b83b2859c4f7d22e071f3734a16aad19416fed13c107fce8faf5a3bc844fe75bce373b69
-
SSDEEP
768:FCfB5RIvn0YGd7/qvYzI84zl2xvIzEJSeT/BZWd:FCxIi7/jzI84zlcvIwJSMMd
Static task
static1
Behavioral task
behavioral1
Sample
newthingsareintheonethewaytogetthebackbuttersochbuttersweetnesswithentireoprocessaneedgoodthingstoge.rtf
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
newthingsareintheonethewaytogetthebackbuttersochbuttersweetnesswithentireoprocessaneedgoodthingstoge.rtf
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
newthingsareintheonethewaytogetthebackbuttersochbuttersweetnesswithentireoprocessaneedgoodthingstogetme____verynicebuttersmooth.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-