General
-
Target
SecuriteInfo.com.Exploit.Siggen2.12174.29464.11497
-
Size
172KB
-
Sample
200801-ag11x717es
-
MD5
9c00d588f7b6a159c855b93627492516
-
SHA1
fa1ed3fb2e4e6f7d8747584b8a1969e85daa4909
-
SHA256
061f4c387df2a0e388b644d647379077b84ea8a2a52eec31d3e2f95b0984be9f
-
SHA512
5da86f8939b379be6373a8f95d648c7a0046e0e1a5c102173cab90819c84f9abb10c2be5575e1df5c66348ace3e94926e5eee5638a71c98565be844ecc8bbe54
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.12174.29464.11497.doc
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.12174.29464.11497.doc
Resource
win10v200722
Malware Config
Extracted
http://www.hatchdogs.com/assets/XIw/
https://groovyboove.co.uk/blogs/8T94mmdka13/
https://gregemerson.com/wp-includes/hudy17240/
http://guariz.com.br/WuutjlO/
http://hafder.com/images/fhq7h7babdbe5q5052/
Targets
-
Target
SecuriteInfo.com.Exploit.Siggen2.12174.29464.11497
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Drops file in System32 directory
-