General
Target: Cancellation_Letter_217264958-02242021.xls
Size: 144KB
Sample: 210224-ph97zl8j2s
MD5: 389468f5a4fe1158686489601158c933
SHA1: 0bc2d33169724e8783b16b7ac4cf3664b8110ee0
SHA256: 4c6dcbefc272d8ff6cd6276398c960c1f765219b62bfc299289e90f38e8f34cc
SHA512: fcebe3686bd601bfa5dec9e8a5c766ad8ebc5ca5568c429ed436505a0af08a1dffca30e3aa6d5ff7d8ee3558ba0f86584ab2c7e76005d5ac9a2c66efc384df50
Behavioral task: behavioral1
Sample: Cancellation_Letter_217264958-02242021.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Cancellation_Letter_217264958-02242021.xls
Resource: win10v20201028
Malware Config
Extracted
http://eventpeople.pro/cfuizfotpz/44251880983449100000.dat
http://ledia.shop:80/dwwzeqw/44251880983449100000.dat
http://jttires.com/ykcfoknw/44251880983449100000.dat
http://dnvillas.com/ncmlzqphuqma/44251880983449100000.dat
http://meta.group/ffbupgnegjy/44251880983449100000.dat
Targets
Target: Cancellation_Letter_217264958-02242021.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.