Extracted

• • Target

    withnicethingswhichgivingbestthingstogetmebackwith_________verynicegoodthingsformygirlsherewithmegreatthignsfrome_________ireallylovethebestthingswhic.doc

  • Size

    114KB

  • MD5

    6fe3c24853e9de94688a2311999ba946

  • SHA1

    c4383b6caefcb3050ee009394ed1ae07c4f8fd6e

  • SHA256

    15723c9ed5323a6dc5b7a407c37000456bff531f06bd9e7732278eb518445547

  • SHA512

    a1b12f0e1a44d7743d6159f71ab116c8b9e8499cb2d52bc8d1ae3e9f6bc91c3f16788c9be5526052f6bb23b65ceb730a9a46fa2ccd07de05dc30d51f7e9e81a3

  • SSDEEP

    768:u+e7d8wnZX6sQ1j3ArcSGCTl4JkwHKTZ/rR7APQ8c:J/wnZ9Q1UrJWHaFAPQ3

  Score

  10^/10

  discoveryexecution

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2