General
-
Target
SecuriteInfo.com.VBA.SCrypted.1.Gen.14884.10565
-
Size
99KB
-
Sample
200630-ecvyhrqh8a
-
MD5
2a6d6ea570bf94f27a057e2181247e6e
-
SHA1
602c808c644bd96cbf7f6d4423d22fd1bff8b538
-
SHA256
4c34d35aa6bfb51235832f2f653d4d95ac18f8050d7b9894a3810492341c5ed2
-
SHA512
09d9b55720d7f2c7eb959eb9ce202bd479e4786e01796a15e74b14c2ebd73902168635ed88addca126c20114d1c06e2f3a9033735630d50b07dc6e094ffb8c65
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.VBA.SCrypted.1.Gen.14884.10565.rtf
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.VBA.SCrypted.1.Gen.14884.10565.rtf
Resource
win10v200430
Malware Config
Extracted
http://185.208.211.67/scorp/Queen.sfx.exe
Targets
-
-
Target
SecuriteInfo.com.VBA.SCrypted.1.Gen.14884.10565
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-