General
Target: Report_#_301.xls
Size: 814KB
Sample: 210114-cnmrktc4ss
MD5: 08b8f5fdfe51f4c656e8fb00c78a1e71
SHA1: 3313966cbebfaf302ae2e260b0432b8ed735f39d
SHA256: 2f99f137ccfabdc69cfbffb4805a07cf53310271e627b4f2f2291dc9b9afb5fd
SHA512: a0861dd49296f90cc6f1836ea3d8efdcf09b49b4ca6f344417de2ab1ff1f52474f0c13cbbbbddb531c39194b680e6a3f5ae00ab2204ee2310a18a30fd52b038f
Static task: static1
Behavioral task: behavioral1
Sample: Report_#_301.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Report_#_301.xls
Resource: win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Report_#_301.xls
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

JavaScript code in executable

Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.