General
Target
Rep #226186.xls
Size
852KB
Sample
210114-n2ad8e8eca
MD5
0f2bf8e4e3e5c913f80b107afb512a92
SHA1
4253b6482fc02873f319c9f154d2b25af73744f2
SHA256
1e98e612249a70213c5962fa546f54ac53eed8002597b03a2a9de4cc64ca5399
SHA512
7cd396aa24a4f6ac5383ed6cc78be7928d672961f346ffb8df6ddb69ebdfec075c92218b531a0f40c1f84e7c68dbab29b8d56bd49c02660dfff15bd2b85dc2b6
Static task
static1
Behavioral task
behavioral1
Sample
Rep #226186.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Rep #226186.xls
Resource
win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target
Rep #226186.xls
Score 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

JavaScript code in executable

Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.