General
Target: Reports 78497.xls
Size: 875KB
Sample: 210114-kc95q7cpma
MD5: e452debc1653b43f09dcd98d1f05ba14
SHA1: d68fb05919682ac456701041a955a42d6198b3ef
SHA256: 59d0ba2bce05366ad852a51dd0e9387ae38ea0493f9ad8368e47a55903117018
SHA512: a89b049ce90147915cf09bdf36a506afa19f8c440f50a1db0cd1c7437bf522ca977559b4d9ab0a637534b5b5d0fb911e0e5d9104d5b46a91f5a502cfbf6d7413
Static task: static1
Behavioral task: behavioral1
Sample: Reports 78497.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Reports 78497.xls
Resource: win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Reports 78497.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
JavaScript code in executable
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-