General
-
Target
Document931215825.xls
-
Size
53KB
-
Sample
201211-mv4apjk5ex
-
MD5
7054f04adc0695c6c8a1853526e13468
-
SHA1
dd8e0f4b4fe228985acaad81c7a8af5c575e3b0e
-
SHA256
62d8cab8ec8b81bf3bd5a75ceca7b12bb2b26f4a40ded2320fdcfd33a49349d7
-
SHA512
afa7d010c4b36cc681cef843964fb008b7d95e68501b9566cbc073038f5b1380e73aacbd187ac3694673a3c90453931a5479a61fb23138bc28d1d8425bece723
Static task
static1
Behavioral task
behavioral1
Sample
Document931215825.xls
Resource
win7v20201028
Malware Config
Extracted
trickbot
100006
rob20
-
autorunName:pwgrab
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-