General
-
Target
Attachment_78387.xlsb
-
Size
94KB
-
Sample
210224-r3mgadymwe
-
MD5
74767e071069d33b535a15a8e6d98084
-
SHA1
29d5d3d28790d34e79bcbe2a579c962184c8e3c2
-
SHA256
ad9cee450812467571d9816e6d372ce8a3fb14fc303cece2b64d382d4136854a
-
SHA512
26d8353dfc5dd1afc9aa9ee532200fcc7c71f31d70b59fe31e2aedf10ab48b6d6dfb3aeeabc4ff5b380af14f01867e994e7ae49e0407f3009f894b8eafe51577
Behavioral task
behavioral1
Sample
Attachment_78387.xlsb
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Attachment_78387.xlsb
Resource
win10v20201028
Malware Config
Extracted
http://139.162.167.231/campo/t2/t2
Targets
Target
Attachment_78387.xlsb
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.