General
-
Target
inv_281.xls
-
Size
283KB
-
Sample
200625-e176xkzzea
-
MD5
9f0fbc1d2351ee426c0c715bb9688612
-
SHA1
49d5be159725054c28e671f3004edf2e5d9e1bcd
-
SHA256
815d71524ed41e28a38222c821ce848ae6e6b925c0ea620d5bdc1aa66e58fa73
-
SHA512
6ebf7d1dfd0fc780cbe1dab535f1d52cf2e795cc67e3e12406ee8b0a9aac946deed8d2d7b0ccb649fc6ee442ca857ec17b5f7c657fe5c967187f869e41086a56
Static task
static1
Behavioral task
behavioral1
Sample
inv_281.xls
Resource
win7
Malware Config
Extracted
zloader
id1
spam
https://axisbasis.xyz/data.php
Ts72YjsjO5TghE6m
Targets
-
-
Target
inv_281.xls
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Suspicious use of SetThreadContext
-