General
Target: INV100720.xlsm
Size: 399KB
Sample: 200711-vht6shmmbx
MD5: 97d1bf3b13839cb70157bbebc2ab1f8c
SHA1: b12d4e4b14d3b443e1abb9b6a5a9b6b74de2686a
SHA256: 9a63be97d600c50abdddc22afd998e25ddac5030bcc4846b97cf7e1932eae7b8
SHA512: 1bf7e0619db7bbf6bdf4a67608f5d74144ee114c769554e15af72bbd027d792f0e68cf36ea4839b6d37bafab14f73a240ef9d5381f83726a147e51a62e533bb0
Static task: static1
Behavioral task: behavioral1
Sample: INV100720.xlsm
Resource: win7
Behavioral task: behavioral2
Sample: INV100720.xlsm
Resource: win10v200430
Malware Config
Extracted: http://comawhimplet.com/nccd.exe
Targets
Target: INV100720.xlsm
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blacklisted process makes network request