General
Target
Cancellation_Letter_1478817952-02242021.zip
Size
28KB
Sample
210224-2qajbpqf2e
MD5
2f2db45b9470948d807dd3e5bc46f530
SHA1
fff81c91f6ed2989e365c00f5c798a6da351956d
SHA256
5e682f78754c6e34d56edcec09bf9441813bc3dc08be0e8270d1df43790057aa
SHA512
8424dd3acb8c53ba7d6c4242e9e6358f06cc1a3053cc8468c092a62aab3f6aaf1061b03feb7d11863f3d61c896e15007c56221a027012b64fbd0812cdbb5c456
Behavioral task
behavioral1
Sample
Cancellation_Letter_1478817952-02242021.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Cancellation_Letter_1478817952-02242021.xls
Resource
win10v20201028
Malware Config
Extracted
http://slmtv.com/tfbgl/44251701445833300000.dat
http://dicomm-001-site35.ctempurl.com/pmslsda/44251701445833300000.dat
http://konyahaberler.xyz/hxjxxwav/44251701445833300000.dat
http://pandsquinny.com/nlbzyhfs/44251701445833300000.dat
Targets
Target
Cancellation_Letter_1478817952-02242021.xls
Size
144KB
MD5
38e8d1a8dfe9c39a1369f184d018a3ad
SHA1
bfdd5fdbbd3864df904665a4d2817c9c9232c6b1
SHA256
cfac4de5500a9183b6e9763dd08559184630fa5629e9b7b75872092dac199676
SHA512
a2c1817170c42f8c735e1921bacdd601f3594db7c23bd2bd4c9d8b9e203843db561ff2a050dfe8d2a637491b8903651c1dca50b060928d40b174456997f03912
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.