General
-
Target
36cfa87ba3f5fdf893937365b60189aec1163986a8548d857da356119fd00553
-
Size
181KB
-
Sample
241121-ayjhvs1pek
-
MD5
d1dcac0221c9412998c82b5c17b1a4db
-
SHA1
c4e384e51f4fa6652e70d1ffbd5245c4819e714b
-
SHA256
36cfa87ba3f5fdf893937365b60189aec1163986a8548d857da356119fd00553
-
SHA512
074c74dd798a133085e309f9d1c8bbb640d9bd5810755f3c59df31b148f8856e06e45dbbb6c3fb1f6cf623d17db8eb12c0f936ea0070bdd03079f6f7709a14ad
-
SSDEEP
3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7V:9NO2k4PF7tGiL3HJk9rD7bdasiv86Z
Behavioral task
behavioral1
Sample
36cfa87ba3f5fdf893937365b60189aec1163986a8548d857da356119fd00553.doc
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
36cfa87ba3f5fdf893937365b60189aec1163986a8548d857da356119fd00553.doc
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://diwafashions.com/wp-admin/mqau6/
http://designers.hotcom-web.com/ubkskw29clek/qnpm1p/
http://dixartcontractors.com/cgi-bin/nnuv/
http://diaspotv.info/wordpress/G/
http://easyvisaoverseas.com/cgi-bin/v/
Targets
-
-
Target
36cfa87ba3f5fdf893937365b60189aec1163986a8548d857da356119fd00553
-
Size
181KB
-
MD5
d1dcac0221c9412998c82b5c17b1a4db
-
SHA1
c4e384e51f4fa6652e70d1ffbd5245c4819e714b
-
SHA256
36cfa87ba3f5fdf893937365b60189aec1163986a8548d857da356119fd00553
-
SHA512
074c74dd798a133085e309f9d1c8bbb640d9bd5810755f3c59df31b148f8856e06e45dbbb6c3fb1f6cf623d17db8eb12c0f936ea0070bdd03079f6f7709a14ad
-
SSDEEP
3072:9NO2y/GdywFyktGDWLS0HZWD5w8K7Nk9rD7IBUdasiv8OP7V:9NO2k4PF7tGiL3HJk9rD7bdasiv86Z
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Drops file in System32 directory
-