General
Target: Invoice_#_76493.xls
Size: 708KB
Sample: 210114-svawdcdyys
MD5: a620468e6531acdd66d489d74320a54d
SHA1: 7055184739c438f2fdc770faced61b5a533a3aac
SHA256: 9ee8a6a201f5c956b8b37d692242a628d2d08d315629a35decc56c35439150a5
SHA512: b1b9ef3c83167614f443c5b148fe02e0a8264eb2cd70e0249e657719114a1ab7447f105c81eab7ba65c4745872870564831de09a5b6497ad8044123ea5235572
Static task: static1
Behavioral task: behavioral1 (sample Invoice_#_76493.xls, resource win7v20201028)
Behavioral task: behavioral2 (sample Invoice_#_76493.xls, resource win10v20201028)
Malware Config
Extracted
Family: dridex
Botnet: 111
C2:
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
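The extracted config above is the most directly actionable part of the report: four C2 endpoints pinned to specific ports, plus the botnet ID. The following is an added example, not part of the sandbox report or of any Dridex tooling, that parses that block, validates each endpoint, searches a constructed connection log (assumed "timestamp src dst dport proto" layout, standing in for firewall/NetFlow/Zeek output) for contact with any of the C2s, and checks a local file's hashes against the ones the report lists. The log lines and the `REPORT_HASHES` check input are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed copy of the "Malware Config / Extracted" block from the report
# (family, botnet ID, then one C2 endpoint per line).
DRIDEX_CONFIG = """\
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
"""

# Hashes as listed in the report; used to confirm a local copy is the same sample.
REPORT_HASHES = {
    "md5": "a620468e6531acdd66d489d74320a54d",
    "sha1": "7055184739c438f2fdc770faced61b5a533a3aac",
    "sha256": "9ee8a6a201f5c956b8b37d692242a628d2d08d315629a35decc56c35439150a5",
    "sha512": "b1b9ef3c83167614f443c5b148fe02e0a8264eb2cd70e0249e657719114a1ab7"
              "447f105c81eab7ba65c4745872870564831de09a5b6497ad8044123ea5235572",
}

# Constructed connection log in an assumed "timestamp src dst dport proto" layout
# (not from the report; stands in for firewall/NetFlow/Zeek conn output).
SAMPLE_CONN_LOG = """\
2021-01-14T10:02:11Z 10.0.0.15 52.73.70.149 443 TCP
2021-01-14T10:02:13Z 10.0.0.15 93.184.216.34 443 TCP
2021-01-14T10:02:20Z 10.0.0.15 185.246.87.202 3098 TCP
2021-01-14T10:03:01Z 10.0.0.22 8.4.9.152 80 TCP
"""


def parse_dridex_config(text):
    """Return (family, botnet_id, [(ip, port), ...]); rejects malformed endpoints."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3:
        raise ValueError("config block needs family, botnet ID and at least one C2")
    family, botnet = lines[0].lower(), lines[1]
    c2 = []
    for entry in lines[2:]:
        host, sep, port = entry.rpartition(":")
        if not sep:
            raise ValueError(f"C2 entry without port: {entry!r}")
        ipaddress.ip_address(host)          # raises ValueError on a bad address
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {entry!r}")
        c2.append((host, port))
    return family, botnet, c2


def find_c2_hits(log_text, c2, strict_port=True):
    """Return log lines whose destination matches a C2 (ip, port), or ip only."""
    by_ip = {}
    for ip, port in c2:
        by_ip.setdefault(ip, set()).add(port)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        dst, dport = fields[2], int(fields[3])
        if dst in by_ip and (not strict_port or dport in by_ip[dst]):
            hits.append(line)
    return hits


def verify_hashes(data, expected=REPORT_HASHES):
    """Map each algorithm to True if data hashes to the expected digest."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower()
            for alg, digest in expected.items()}


if __name__ == "__main__":
    family, botnet, c2 = parse_dridex_config(DRIDEX_CONFIG)
    print(f"{family} botnet {botnet}: {len(c2)} C2 endpoints")
    for hit in find_c2_hits(SAMPLE_CONN_LOG, c2):
        print("C2 contact:", hit)
    print(verify_hashes(b"not the real sample"))
```

Matching on the full ip:port pair keeps false positives down when a C2 sits on shared hosting; pass `strict_port=False` when you would rather surface any traffic to those addresses and triage it by hand.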
Targets
Target: Invoice_#_76493.xls (708KB; hashes as listed under General)
Score: 10/10
Signatures:
Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request.
Loads dropped DLL.
JavaScript code in executable.
Enumerates physical storage devices. Attempts to interact with connected storage/optical drive(s). The sandbox's canned description labels this likely ransomware behaviour, but it is a generic heuristic; the extracted config identifies the family as Dridex, a banking trojan and loader rather than ransomware.
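The first two signatures above are lineage and blocklist checks that any EDR or Sysmon pipeline can reproduce. The following is an added example, not part of the report or of any sandbox's detection code, that runs both over constructed Sysmon-style events (ID 1 process create, ID 3 network connect). The report does not name the child process or the spawning chain, so the EXCEL.EXE -> regsvr32.exe chain, the Office child baseline, the LOLBin blocklist and the event paths are all assumptions for illustration; only the destination IP is taken from the extracted config.

```python
import ntpath

# Assumed baseline: child processes an Office application is expected to start.
# Tune this to the estate; anything else under an Office parent is flagged.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe"}

# Assumed blocklist of LOLBins that should not normally make outbound connections.
BLOCKLISTED_NET_PROCESSES = {
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "certutil.exe", "msiexec.exe",
}

# Constructed Sysmon-style events (ID 1 = process create, ID 3 = network connect).
# Paths and the process chain are illustrative, not taken from the report.
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\splwow64.exe"},
    {"EventID": 1, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\regsvr32.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\regsvr32.exe",
     "DestinationIp": "52.73.70.149", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]


def basename(path):
    """Case-insensitive file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def unexpected_children(events, parents=OFFICE_PARENTS, allowed=EXPECTED_OFFICE_CHILDREN):
    """(parent, child) pairs where a watched parent spawned a non-baseline child."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
        if parent in parents and child not in allowed:
            hits.append((parent, child))
    return hits


def blocklisted_network(events, blocklist=BLOCKLISTED_NET_PROCESSES):
    """(process, dst_ip, dst_port) for network connects from blocklisted binaries."""
    return [(basename(ev["Image"]), ev["DestinationIp"], ev["DestinationPort"])
            for ev in events
            if ev.get("EventID") == 3 and basename(ev["Image"]) in blocklist]


if __name__ == "__main__":
    for parent, child in unexpected_children(SAMPLE_EVENTS):
        print(f"unexpected child: {parent} -> {child}")
    for proc, ip, port in blocklisted_network(SAMPLE_EVENTS):
        print(f"blocklisted process network request: {proc} -> {ip}:{port}")
```

Correlating the two results on the child's process GUID (Sysmon emits one on both event types) turns two medium-confidence signals into the single high-confidence chain the sandbox scored 10/10: Office parent, unexpected child, and that child reaching a known C2.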