General
-
Target
cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa
-
Size
196KB
-
Sample
241113-2cwd3s1brq
-
MD5
2289e0f218cb6590f6868c5946a5baa0
-
SHA1
e9fba172f96477c1cc53eed86c5d231edc0fd6ce
-
SHA256
cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa
-
SHA512
9969d4755e32b245a6283a9e95858b34bbcc78b40c54e761ceeca999743e758e0b44a720ec7fe658fa4d2bf93e79a67764b03721a0b8b4602570016baf1866fa
-
SSDEEP
3072:GQ2y/GdyDktGDWLS0HZWD5w8K7Nk90D7IBUzoWl6X/V5qzJO04od:GQ2k4DtGiL3HJk90D7bzzl6PLqFOBq
Static task
static1
Behavioral task
behavioral1
Sample
cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa.doc
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cdff19bedaeee59f2977c24abee206037694be683f12998984059f7f13dbaffa.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://biswascreation.com/jodp17ksjfs/1flxhgo/
https://expoblockchain2020.com/cgi-bin/2/
https://mag-flex.com/wp-admin/xf8q/
https://www.harriscustomcatering.com/wp-includes/jCItk01ogb/
https://fdigitalsolutions.com/cgi-bin/mzqjn4h/
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-