General

Target: Rep #1018.xls
Size: 710KB
Sample: 210114-xcaa1bc8na
MD5: 0dc55d9f0ea057357c90243c0efddd9e
SHA1: 7f0fa3b16a4172026b727ee80d8db9138807fbdc
SHA256: eef479f5835aa89881a9b44dd39da8cfb8ba0c82f25064370bdbd76ba32cbdf3
SHA512: 5f9125ffffb193db8849aadf70b61aa389629efbcd2d2e6ed4fb327b9d9fb82512e88270f0610a8567df5dafba886470f5b150c9f9911ea72043b89ee111e182
Static task: static1

Behavioral task: behavioral1
Sample: Rep #1018.xls
Resource: win7v20201028

Behavioral task: behavioral2
Sample: Rep #1018.xls
Resource: win10v20201028
Malware Config

Extracted: dridex
111
C2 addresses:
52.73.70.149:443
8.4.9.152:3786
185.246.87.202:3098
50.116.111.64:5353
Targets

Target: Rep #1018.xls
Score: 10/10

Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- JavaScript code in executable
- Enumerates physical storage devices. Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.