General
Target: Attachment_78216.xlsb
Size: 94KB
Sample: 210224-znk3gmdjxs
MD5: 51f9bfaf150751080cbae13b7f735f64
SHA1: eda977f3a0adc285c5d53c0668a74a8b46db5c2e
SHA256: b1053de19f619325d6c83395ac3f5d56376216ac142472a1f2a5471b205ccc27
SHA512: 69592d73b02638f51e2d5d10aaae6e4b09aeaaf33174ad67e035aceefe1a1ff71254f8fe9c97452e8d81c6d833e07f84c455ec710033cc6a0108a09a22e3c057
Behavioral task: behavioral1
Sample: Attachment_78216.xlsb
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Attachment_78216.xlsb
Resource: win10v20201028
Malware Config
Extracted
http://139.162.167.231/campo/t2/t2
Targets
Target: Attachment_78216.xlsb
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.