General
-
Target
New Iquiry.xlsm
-
Size
143KB
-
Sample
210118-qamamgm93e
-
MD5
e815ac129a6c26ba513742fe3e834835
-
SHA1
0fff500ea03bbac5d9b439cd48ba386739eec351
-
SHA256
8c30635fa8cc452d445c345ac855339c23b3845dfe9d3cc91550d17771459a0e
-
SHA512
24008227c5455d7e35acb36a539964979cd63a33f1e81e7a8c51f3417dc1fdf08f5c2aa48e7ab058f96934c81acb7aba4ebd59ea738750bed66bd6bf3a39b5ce
Static task
static1
Behavioral task
behavioral1
Sample
New Iquiry.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
New Iquiry.xlsm
Resource
win10v20201028
Malware Config
Extracted
http://hosseinsoltani.ir/BROWNOBC.exe
Targets
-
-
Target
New Iquiry.xlsm
-
Size
143KB
-
MD5
e815ac129a6c26ba513742fe3e834835
-
SHA1
0fff500ea03bbac5d9b439cd48ba386739eec351
-
SHA256
8c30635fa8cc452d445c345ac855339c23b3845dfe9d3cc91550d17771459a0e
-
SHA512
24008227c5455d7e35acb36a539964979cd63a33f1e81e7a8c51f3417dc1fdf08f5c2aa48e7ab058f96934c81acb7aba4ebd59ea738750bed66bd6bf3a39b5ce
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Executes dropped EXE
-