General
Target: Inv #147.xls
Size: 706KB
Sample: 210114-w27m4381d6
MD5: 77e05d6f0c417328a50a29af170e1efd
SHA1: 3167568a7dcef3faba0a4636ff71f2844d6d8962
SHA256: 346a5f545abd67c879755d34f5985f038b30704d97ed59b5597d9dc251336080
SHA512: 2ea0153df0240a964e92ef4b5477ed361a20614149f36992496914a89bf3fc5abb582fd3fe4478aa0b6b2c8de6f1d4358aa5baec664f4fa5caf2aa1b841433e1
Static task: static1
Behavioral task: behavioral1
  Sample: Inv #147.xls
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: Inv #147.xls
  Resource: win10v20201028
Malware Config
Extracted
dridex
111
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets
Target: Inv #147.xls
Size: 706KB
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.