General
-
Target
b8b8923e-79b8-4df5-9319-f5fb28d55b79.zip
-
Size
23KB
-
Sample
210211-5lhg1d67re
-
MD5
364f13f27020610273ec60ea351f18c3
-
SHA1
59cbe0b966a7c76a3f2ec508b692449f0d76aa0f
-
SHA256
3f40ecc537e282b0e4b62e91e6d1d59d6bf1ee758d6de957c7241033b5c57088
-
SHA512
1dfc40e49890e300d2605a5b890d40b41b6fb2955a8352abe6919965b7d6b08ff6b7f7d6c69d1e1908165f667b90131c979da9c40bbc3cbaaca4ee9bc74171f5
Behavioral task
behavioral1
Sample
Calculation-292244811-01262021.xlsm
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Calculation-292244811-01262021.xlsm
Resource
win10v20201028
Malware Config
Targets
-
Target
Calculation-292244811-01262021.xlsm
-
Size
25KB
-
MD5
60c73c459b141b7a0a6b2be771d0ca46
-
SHA1
cf9d2a4535c57d380176ea6a5721eea6371cfce0
-
SHA256
b60b7978c25a388825519e39fc1ce526ddb0828396f149b77914184b34d14c47
-
SHA512
b8ece448ddbc1810bf005b96ac879a40c9c8cb73c0f460b026bff9308f5fb5178b92c857336005697a0568c9a816057d960c945a11d51e439b882553668063fe
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-