General
Target: Scan 108.xls
Size: 792KB
Sample: 210114-jhw5f3c3je
MD5: 1591b2551c119472366dbb437c9a12f2
SHA1: 5e0e2ae88a7c7f70b288392583e0b955ebf0c715
SHA256: 9e2e53a384fe464132f9a1c4918db48a933558c946fae7ef2aeed6b7ff59caae
SHA512: eeab26390ec5bfb1873afc326dc123095a465957d03eb3831d1a7d1dfea08013883bcfc9c7202dc94a65a222ef19d228af21c3d42241eb622eaf7f68cb8acf2b
Static task: static1
Behavioral task: behavioral1
  Sample: Scan 108.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Scan 108.xls
  Resource: win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.