General
-
Target
428E1ABAB62B190787DB4A57D19CCF86.xls
-
Size
799KB
-
Sample
210120-bzc4n9ey6j
-
MD5
428e1abab62b190787db4a57d19ccf86
-
SHA1
b443cbc0b74ac39f696585f99160ddb5bfdc1e3a
-
SHA256
5548251bf7e67b8dfa368d5b1e6699d9f260324e419d3e530c1d5ea927e3aaf2
-
SHA512
3988a34186641af8c65feb0a0938eeee5d849fc3df0b93d82fa7f9b44527f17dd714dd0e2539058691fbbf48f0d72469acdb597ea2e4233192f4a8f936ef9d3b
Static task
static1
Behavioral task
behavioral1
Sample
428E1ABAB62B190787DB4A57D19CCF86.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
428E1ABAB62B190787DB4A57D19CCF86.xls
Resource
win10v20201028
Malware Config
Targets
-
Target
428E1ABAB62B190787DB4A57D19CCF86.xls
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-