General
Target: Notification #591501.xls
Size: 790KB
Sample: 210114-1lqfzsgq7s
MD5: e004ebdc104e70001d0d1453ccbbf7a8
SHA1: 35f4b94344109eb3245c653277e3b41e0d5277de
SHA256: 1920c8c809d225ed5239f9aa0c510148a6b292d639e9d2ab13146129d255f3c1
SHA512: 2404f047e176aefd57234009a588c01b97ac263ebefc06a3e55e55ea13267eceb5b00b0a62a643701b23d06f77f529b80a11801c08e283210b25594a00489e9a
Static task: static1
Behavioral task: behavioral1
  Sample: Notification #591501.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Notification #591501.xls
  Resource: win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Notification #591501.xls
Size: 790KB
MD5: e004ebdc104e70001d0d1453ccbbf7a8
SHA1: 35f4b94344109eb3245c653277e3b41e0d5277de
SHA256: 1920c8c809d225ed5239f9aa0c510148a6b292d639e9d2ab13146129d255f3c1
SHA512: 2404f047e176aefd57234009a588c01b97ac263ebefc06a3e55e55ea13267eceb5b00b0a62a643701b23d06f77f529b80a11801c08e283210b25594a00489e9a
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
JavaScript code in executable
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.