General
-
Target
Cancellation_Letter_49813862-02242021.zip
-
Size
28KB
-
Sample
210225-rql7gyhqgs
-
MD5
970bd16657d10113bd6e86d97e371bb4
-
SHA1
a860c29b831ccea1ac746d1a0f6e677102a9639d
-
SHA256
6eb7f2dcc632b6d5824e2b601de62e32181fc6e443b184581da531f5d9dbfba6
-
SHA512
9a13b717bb629d6b52837ee07225749814927fd27a56522f9ea562e567b70789fefa8d1f2fdeea633bf738169ea703c2997391d1df38f1bd154e876b97c49103
Behavioral task
behavioral1
Sample
Cancellation_Letter_49813862-02242021.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Cancellation_Letter_49813862-02242021.xls
Resource
win10v20201028
Malware Config
Extracted
http://jayshreewoods.com/kkcikakk/44252143816319500000.dat
http://old.hprgroup.pl/ideerdst/44252143816319500000.dat
http://youviral.in/nwkucot/44252143816319500000.dat
http://foodszo.com/axwsaj/44252143816319500000.dat
http://pactoporlaexcelenciaeducativa.mx/txaiuwgeayb/44252143816319500000.dat
Targets
-
-
Target
Cancellation_Letter_49813862-02242021.xls
-
Size
144KB
-
MD5
cc80bd56850052e57c4bc0be1753abcf
-
SHA1
b20db5d5906632d8a33eced3efa9fb478f3ad085
-
SHA256
7be59273d824a97031e8519a0ec36ef9eed4c173427bce10cd9e2af54973d076
-
SHA512
b0f091bf1938a7ea26b8f93f2fe3e935e2b7564d4367d1673e3b187b563d269c0b47a94f76e3b7a4959b075f8d7a00d53977efaca2e18eaf2e11c035969e5062
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-