General
Target: 71660d23-ef27-45a0-90ae-5d5d4510da59.xls
Size: 153KB
Sample: 210215-l53spenlxe
MD5: bcf15b79717caf1b38a98c61a35a8b8b
SHA1: c950d1c433e555f892203393f2caf1b900b788b7
SHA256: 8a15b6a9102ec6a5c7aa84548d52516a11085abce4b845946d47021f031db9dc
SHA512: bda713a26d0bb70d5ce076badb818eb2f6c23588cf4088f23f7838d210f06249bd2253d0ae458dd03a44e99eb11ff8c7835376c4bf6cf24118de5b439fe828de
Static task: static1
Behavioral task: behavioral1
Sample: 71660d23-ef27-45a0-90ae-5d5d4510da59.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 71660d23-ef27-45a0-90ae-5d5d4510da59.xls
Resource: win10v20201028
Malware Config
Extracted: https://fortnitehecks.com/kev/xeda.dll
Targets
Target: 71660d23-ef27-45a0-90ae-5d5d4510da59.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.