General
Target: SecuriteInfo.com.Exploit.Siggen2.12176.26135.29106
Size: 173KB
Sample: 200801-2g7nxyjtqn
MD5: 3158d249b1df418410378fb0a8acc3d3
SHA1: 0b1a3f8ee1317f9001eaf098a8de861859d5ceac
SHA256: 774c827f086962222073ad050dfa5b10e8cc0411731e506edc4a0363f4a2815d
SHA512: 0405f10c425aee11beee75da01f14c1ec23b1a657e46469d42eef3a7af57fa01ad9c7912b0edbf5739cc9a9dc6e8e68978b5df264cb6bc053687bf0309dd3ad6
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Exploit.Siggen2.12176.26135.29106.doc
Resource: win7
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Exploit.Siggen2.12176.26135.29106.doc
Resource: win10
Malware Config
Extracted
http://www.hatchdogs.com/assets/XIw/
https://groovyboove.co.uk/blogs/8T94mmdka13/
https://gregemerson.com/wp-includes/hudy17240/
http://guariz.com.br/WuutjlO/
http://hafder.com/images/fhq7h7babdbe5q5052/
Targets
Target: SecuriteInfo.com.Exploit.Siggen2.12176.26135.29106
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request
Drops file in System32 directory