General
Target
bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56.xlsm
Size
73KB
Sample
210208-x3q3889hye
MD5
20f9a7843d3f358a6ecfd6dd828cdd6d
SHA1
9a9b0eb8265cb116bb5bf9e1e1aa29f6ac6b621a
SHA256
bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56
SHA512
da7564e4886ca190feb0b9408165fa6b6ecc0ef2f44e6e2f7d7164fd7e609371cc6255f6128ce1bf678d4fca7895d4315b7520b2be3b6a4469053e8f789dcdea
Behavioral task
behavioral1
Sample
bc1d978695e3dc1666923fa13de923870a7604375d57bb6771e2f4bcd8ae8d56.xlsm
Resource
win10v20201028
Malware Config
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.