General
-
Target
PaySlip140121.xls
-
Size
228KB
-
Sample
210119-mtbzfsax4j
-
MD5
45ce32bf7aa558411aafeb109f0d6e08
-
SHA1
41b37cc0c3eedb319846fc2a1a6f90b5bcbf16a8
-
SHA256
e7037dbffd138eb3cb17336a3b50aa9d82613125ce7d66dc7a125f09198e3a82
-
SHA512
c3ed5c81264f948854f4f40e81f2ffc6479e056bc9486c14f954daec8e23b1e0fd6c5ed0a3f830724f2585d90b9da6b86c11b409f2ba441516be7869ad5e794e
Behavioral task
behavioral1
Sample
PaySlip140121.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
PaySlip140121.xls
Resource
win10v20201028
Malware Config
Extracted
https://cutt.ly/fjYtydH
Targets
-
-
Target
PaySlip140121.xls
-
Size
228KB
-
MD5
45ce32bf7aa558411aafeb109f0d6e08
-
SHA1
41b37cc0c3eedb319846fc2a1a6f90b5bcbf16a8
-
SHA256
e7037dbffd138eb3cb17336a3b50aa9d82613125ce7d66dc7a125f09198e3a82
-
SHA512
c3ed5c81264f948854f4f40e81f2ffc6479e056bc9486c14f954daec8e23b1e0fd6c5ed0a3f830724f2585d90b9da6b86c11b409f2ba441516be7869ad5e794e
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-