General
Target: Copy_#_824.xls
Size: 707KB
Sample: 210114-ffet2qky3a
MD5: 36e8e3ce267eed9890d07b45b339a71b
SHA1: 47e662c6d5041836ba207ad2e6ed22a99ca1a4da
SHA256: 7bebb1f39af44412c5a7d8263d4fdae5ec1f234ad2f96e6f07add6daa3ce9b0a
SHA512: af22f3d08e86f3b97f0169f3ceeed46dd0cfb027d761c9b9b6589e2b8b2990a63d1ac3a40d1dcb0b0d4b2f7a2df16e898e66d158b00e567d37699f572fc6d9f3
Static task: static1
Behavioral task: behavioral1
  Sample: Copy_#_824.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Copy_#_824.xls
  Resource: win10v20201028
Malware Config
Extracted family: dridex
Botnet ID: 111
C2 addresses:
  52.73.70.149:443
  8.4.9.152:3786
  185.246.87.202:3098
  50.116.111.64:5353
Score: 10/10
Signatures:
  Process spawned unexpected child process
    This typically indicates the parent process was compromised via an exploit or macro.
  Blocklisted process makes network request
  Loads dropped DLL
  JavaScript code in executable
  Enumerates physical storage devices
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.