General
Target
Cancellation_Letter_652756670-02242021.xls
Size
144KB
Sample
210225-d7yfj8lsqx
MD5
241c5067481fc70f56aafcd73d11fcfb
SHA1
12639f46358f960aa7c75582bf46b0f983ecf6c7
SHA256
4308d271f422311004ba2b303296721ce9bbbc230c41677c9c9d0227cd46bfcb
SHA512
2f36a4ebe0c852b8eb19cf56e09fd36331d490b71a2dc63e51ca9e7aca49ef8f4ae8aada56506d10f27a64b912c2357e256860cdb7951ebc9a0117bea3875025
Behavioral task
behavioral1
Sample
Cancellation_Letter_652756670-02242021.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Cancellation_Letter_652756670-02242021.xls
Resource
win10v20201028
Malware Config
Extracted
http://eventpeople.pro/cfuizfotpz/44252505664004600000.dat
http://ledia.shop:80/dwwzeqw/44252505664004600000.dat
http://jttires.com/ykcfoknw/44252505664004600000.dat
http://dnvillas.com/ncmlzqphuqma/44252505664004600000.dat
http://meta.group/ffbupgnegjy/44252505664004600000.dat
Targets
Target
Cancellation_Letter_652756670-02242021.xls
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.