General
-
Target
PaySlip.xls
-
Size
157KB
-
Sample
210119-8ygpqxqywj
-
MD5
3202c4586c4991c9f5312238f7577d8e
-
SHA1
10291ff94dbce8eda7aa9ede69bf984a084b8b9e
-
SHA256
3f97ea67ea560c851c589e4b7161f60ece5c390a9e194818b30987b212434c06
-
SHA512
ebe2a28ac003935a61b9795b39aa34324d275aed8340263d9566b6068cbe813e979f28b6243d9115bbd2d23988a161129675aaa33281b855399b15ffb4aa1691
Behavioral task
behavioral1
Sample
PaySlip.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PaySlip.xls
Resource
win10v20201028
Malware Config
Extracted
https://cutt.ly/fjYtydH
Targets
-
-
Target
PaySlip.xls
-
Size
157KB
-
MD5
3202c4586c4991c9f5312238f7577d8e
-
SHA1
10291ff94dbce8eda7aa9ede69bf984a084b8b9e
-
SHA256
3f97ea67ea560c851c589e4b7161f60ece5c390a9e194818b30987b212434c06
-
SHA512
ebe2a28ac003935a61b9795b39aa34324d275aed8340263d9566b6068cbe813e979f28b6243d9115bbd2d23988a161129675aaa33281b855399b15ffb4aa1691
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-