General
Target: Payment copy details.xlsm
Size: 13KB
Sample: 210118-t3mw75ljjx
MD5: d6db15ab7f42874b6bf76b6ea59be9a7
SHA1: 5c2cd0f4131bf097493bda618d0bfbf1e7c24bf1
SHA256: 3fa582c6429bfe7cb4932594db7265d2540256c36341194341b38511241bd3ec
SHA512: 50d9a8051f5b709df96b6962d7a83fbb67d96c03315b4671a79637f91aa59f916b8345fd2170309b4c10e0b4a9c44badc16fcf7136a4ba3279e66bfb78c754e2
Static task: static1
Behavioral task: behavioral1
Sample: Payment copy details.xlsm
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Payment copy details.xlsm
Resource: win10v20201028
Malware Config
Extracted
http://hosseinsoltani.ir/LEGITTTT.exe
Targets
Target: Payment copy details.xlsm
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL