General
Target: c714df95288209ef3fbafe4f685c16629edea6bbf927c9ff522170c939916016.doc
Size: 16KB
Sample: 240621-by7q5avdmg
MD5: 0ec4a5cbc70d9e63dc8efc2197bc03fa
SHA1: 24715d7a38a0e3b3495d6fa7bd1164897fe36257
SHA256: c714df95288209ef3fbafe4f685c16629edea6bbf927c9ff522170c939916016
SHA512: cfa6f5f43e48340e562ff47a8c1c7c73c46e96adf1b9452e252d4e20171a5a0c13175129ee401e217982d7d49f29df045b42ee93045d3e1acc188554c1f71403
SSDEEP: 384:AyXKibkWUs8PL8wi4OEwH8TIbE91r2fRwJY7vi9EyPPT:AcK735P3DOqnYJ+OvsEyP7
Static task: static1
Behavioral task: behavioral1
  Sample: c714df95288209ef3fbafe4f685c16629edea6bbf927c9ff522170c939916016.docx
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: c714df95288209ef3fbafe4f685c16629edea6bbf927c9ff522170c939916016.docx
  Resource: win10v2004-20240508-en
Malware Config
Extracted
formbook
4.1
bi09
fayenterprises.online
anekagaminghk.rest
mina-chan.site
theselfcarefaire.com
progym.app
cherishedtimes.space
gkrp9s016x.icu
api288-s-rtp.online
chikankari.shop
annarosellc.com
lcloud.services
aisuitability.com
sks41.com
7779c1.vip
tunasolution.click
nexbetwin.com
huatless.quest
junroptskdyued.shop
yourwellnesseq.com
zcymc.top
alabamacoastalhomesforsale.com
gemline.online
hydroshinepowerwash.com
brandpromocodes.com
soicauxsmb.com
healthcare-trends-31189.bond
qg65.top
lipinpay.com
nfrcadrvcf.com
xn--72cb0bab2pc6b3j3b.com
cb191.pro
solargridsnorthtampabay.com
bodiedbycoyaaa.com
mh-card50.online
759my.xyz
davidlorenc.com
hub2367.com
vmjpdnls.xyz
parentingsupportgroup.xyz
roofing-services-15001.bond
searchhomeshamiltonmill.com
fhermer.com
emailsports.com
t-sit.com
j1xhon.com
67657.ooo
one-business-steering.com
bt365323.com
clientsun.site
bernzahnarzt.com
evriukpostcom.xyz
plasoi.xyz
fxrxvvpc.shop
ixdye610r.xyz
wvpbuildingservices.com
fabergerobotics.com
winday.xyz
myicecreambb.com
plusmc.site
eudlt417i.xyz
rajabet123-akunvip.xyz
lubaksa.shop
baicb.com
zhaotongshi0870.top
umc.autos
Targets
Target: c714df95288209ef3fbafe4f685c16629edea6bbf927c9ff522170c939916016.doc
Size: 16KB
MD5: 0ec4a5cbc70d9e63dc8efc2197bc03fa
SHA1: 24715d7a38a0e3b3495d6fa7bd1164897fe36257
SHA256: c714df95288209ef3fbafe4f685c16629edea6bbf927c9ff522170c939916016
SHA512: cfa6f5f43e48340e562ff47a8c1c7c73c46e96adf1b9452e252d4e20171a5a0c13175129ee401e217982d7d49f29df045b42ee93045d3e1acc188554c1f71403
SSDEEP: 384:AyXKibkWUs8PL8wi4OEwH8TIbE91r2fRwJY7vi9EyPPT:AcK735P3DOqnYJ+OvsEyP7
Signatures
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Detects executables packed with SmartAssembly
- Formbook payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext