General
Target
SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429
Size
170KB
Sample
200801-kqxl854lxa
MD5
2fb02ab60274d396a7c01d5917ff21ec
SHA1
cc78cb81517d7b18434964dd029efb6e06857e96
SHA256
e547fe2a6107ee0731916d3a03179c18b54bf227ea86eed3cadf25fd0df77901
SHA512
f00a3c380c7e23d546aee05f528aae402c0102de1988da4436616be7cd0ed1ba3e499b78c77dbfe628d544aa45c6426775d8442ca4816dcafdda52b2cf03030a
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429.doc
Resource
win7
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429.doc
Resource
win10
Malware Config
Extracted
http://iclebyte.com/uPD6c443/
http://iberfoods.com/site/UHaa7627/
http://yumiwong.com/img/Hct998/
http://www.ymdc786.com/connectors/0u9462/
https://yusufpaintings.com/cgi-bin/symNCd/
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request
Drops file in System32 directory