General
-
Target
Inv_997240_527764.xlsm
-
Size
51KB
-
Sample
201118-cvnpveapme
-
MD5
ed931b0cc827a4f9051f80b6598a4f6e
-
SHA1
4ec5ef894b046c2486b63b503c6b93fc2c873188
-
SHA256
a0f15919fdcbd8208938d1118be24041fc917ca3a9a7be768eb08574fe80f447
-
SHA512
a7c7c5b2aca294cd15ff57bbbaf62d0b410ae0618c2a61bda4e2685cd6dc490cdc53dad8a329c96e59143cdb06cf32f781bd7554bd78ff45f11a0a7bac21bf5e
Static task
static1
Behavioral task
behavioral1
Sample
Inv_997240_527764.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Inv_997240_527764.xlsm
Resource
win10v20201028
Malware Config
Extracted
dridex
10444
162.241.44.26:9443
192.232.229.53:4443
77.220.64.34:443
193.90.12.121:3098
Targets
-
-
Target
Inv_997240_527764.xlsm
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Loads dropped DLL
-