General
-
Target
Reports_6633.xls
-
Size
797KB
-
Sample
210114-afj59v96fx
-
MD5
70582dd298a2785233bdc58ef6ebf124
-
SHA1
385ab29a95d5bd46981a3d4b11fe42c2c50059ae
-
SHA256
861f0ff89dfec337fe08a17a305020ef1b7d27efb4c367793138561020cd93f8
-
SHA512
d3f692e868cc0990d518a587a474747c286e97fec06960d0a9f088d8741f7e0592105450836c282583c5dc6bc2a60fbfd17034ffa0c1988633b27a103fab9b73
Static task
static1
Behavioral task
behavioral1
Sample
Reports_6633.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Reports_6633.xls
Resource
win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
-
-
Target
Reports_6633.xls
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
JavaScript code in executable
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-