General
-
Target
legal agreement_07.30.2020.doc
-
Size
103KB
-
Sample
200731-pq3y9as5ds
-
MD5
b3b0dffa00f1a93dd4f4069d87f43dd3
-
SHA1
756fe15d649645f5d9c3ef60dcd6d6ba5384633e
-
SHA256
e67aa7a4192ca035c6c52a6afaf1b03058b9baa6fde616db3dad9d8d3d4c24cc
-
SHA512
fe57b509a42cf017bc17d7b84d69ffb9c8de4e7240ef4056caf4e91fda39fee16b0019a4c6fba521f7278d99d857b9ef1374329177a70cc5b6ccc1bf44fd0202
Static task
static1
Behavioral task
behavioral1
Sample
legal agreement_07.30.2020.doc
Resource
win7v200722
Behavioral task
behavioral2
Sample
legal agreement_07.30.2020.doc
Resource
win10v200722
Malware Config
Targets
-
-
Target
legal agreement_07.30.2020.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
An obfuscated cmd.exe command-line is typically used to evade detection.
-