General
Target: Documentation 644.xls
Size: 778KB
Sample: 210114-n5fd2vet92
MD5: 955ddd57164c95530bbff3d5481c0cde
SHA1: 38449ef5a84f657d39228df55586fa13cab8d9f1
SHA256: e9e0a2d27876dc9e0fb5e4a9675a23be3f1a8651f72d5774db0e34c0418fcbf8
SHA512: 3f502ef2bf16519e0992129a0070efcee4905d88f60b75f1389e39e9549192631ed796f27918b797b0de917e46f3d8c7690201ad0df049e24251844dd0007e38
Static task: static1
Behavioral task: behavioral1
  Sample: Documentation 644.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Documentation 644.xls
  Resource: win10v20201028
Malware Config
Extracted: dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Documentation 644.xls
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.