General
Target: Cancellation_Letter_541411513-02242021.xls
Size: 143KB
Sample: 210225-ct8kpxgd6n
MD5: a7ba7bd69d41f3be1e69740c33c4fbf8
SHA1: d56bc9bf6e700c75b14322d174ff1c9fc881f3f0
SHA256: 0c611fc0b990b1269c7e5d98613c9e0ab4d3a1166370ed707b8d6063f05f6de0
SHA512: ebb05d62cda68f61440a326902db33ab69d2404410de6c01c1f184115cce579cf76b5654663c3502c67770118e022b7a9175a1cc62523ca4e57c2fe755ab47c6
Behavioral task: behavioral1
Sample: Cancellation_Letter_541411513-02242021.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Cancellation_Letter_541411513-02242021.xls
Resource: win10v20201028
Malware Config
Extracted
http://sumonpro.xyz/nseoqnwbbvmc/44252290155555600000.dat
http://vngkinderopvang.nl/rmyjq/44252290155555600000.dat
http://stadt-fuchs.net/gwixglx/44252290155555600000.dat
http://hdmedia.pro/noexyryqori/44252290155555600000.dat
http://www.fernway.com/xjhuljbqv/44252290155555600000.dat
Targets
Target: Cancellation_Letter_541411513-02242021.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.