General
Target: Notification_30123.xls
Size: 712KB
Sample: 210114-dqqw63sv6x
MD5: b85ecc80652b17815971cc13eb057e54
SHA1: dd8a1d3ecc7a27d39aaf60c438ef8374a3afe887
SHA256: f3c837323c135a7d7ed9d03f856c81463abb80174211117f4bda193a55f1b78e
SHA512: f87ccacc2f3792c33466ee49fc3a918f4589251abd5eb511778f0da8fc3bdfc373579c01d816cb19ff5b1aa0272d7291f2c1eb6498d065b2f8573231bf1c7003
Static task: static1
Behavioral task: behavioral1
  Sample: Notification_30123.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Notification_30123.xls
  Resource: win10v20201028
Malware Config
Extracted: dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Notification_30123.xls
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.