General
Target: e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694
Size: 227KB
Sample: 241109-1eg4sssgnn
MD5: c67dbece750d67ee28ee6d8b07c21fb0
SHA1: dfba02c2a620cb2eaea42f735122a9e4539a7d76
SHA256: e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694
SHA512: e5e71272f5af10e4d179498a8aaf4c07a01ed8145c4d795a69142018e1a405b7228b630925586581a8ded37c7e47b0a258d7fc916168be9edc552c1a82184679
SSDEEP: 3072:EBj6yw1MgpQiBhGWb6esLbTh8YuyDRBFtdfGkJyA8fowJIVh9:EBHgtEWPsL/aTyT9GkAA8fowJmh9
Behavioral task: behavioral1
Sample: e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694.doc
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694.doc
Resource: win10v2004-20241007-en
Malware Config (extracted URLs):
http://iraniansk.com/wp-content/rm1q_q6x4_l5/
http://kachetemarketing.com/cgi-bin/9yxsy_nq02_x2tv/
http://kinotheque.com/wp-includes/aidu_9c8_rrlp/
https://onyourleftracing.com/cgi-bin/fotes_4l_enxguwo/
http://slimgenemd.com/hqzfg/z_ya_xkjx5/
Targets
Target: e0d0865b4bd365c61c4c887282f768a906474486be50bd71149fe4e57dfab694 (size and hashes identical to the General section above)
Score: 10/10
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Drops file in System32 directory