General
Target
Cancellation_Letter_2033552955-02242021.xls
Size
144KB
Sample
210225-ch2h9gerx6
MD5
fa97a4c92829859c6451e0ecdba01677
SHA1
60531f215101681b6946e2ff65e7c480644ac701
SHA256
ddc07e798b52af9e1cd2c8fba015dfc2250c9accc77dc1fabaf3bbde1ace2feb
SHA512
1e941547393b38883584ab960acd754485217d21aa53110a452d3e25b4eca026d5e5b89c645c8a30d4294c6f13d63d71b7cb942fff4b19cd4c15c1d1003039dd
Behavioral task
behavioral1
Sample
Cancellation_Letter_2033552955-02242021.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Cancellation_Letter_2033552955-02242021.xls
Resource
win10v20201028
Malware Config
Extracted
http://eventpeople.pro/cfuizfotpz/44252605988657400000.dat
http://ledia.shop:80/dwwzeqw/44252605988657400000.dat
http://jttires.com/ykcfoknw/44252605988657400000.dat
http://dnvillas.com/ncmlzqphuqma/44252605988657400000.dat
http://meta.group/ffbupgnegjy/44252605988657400000.dat
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.