General
-
Target
document-679517211.xls
-
Size
86KB
-
Sample
210226-1ptrwh52dj
-
MD5
872ba2f87e7fec59d16b21d5e32e8998
-
SHA1
2b01eaf941703e63cb8fc41f298245cbc398258b
-
SHA256
50ce61238d00449cb50a1b66c5fb76766d35bd7ccaf8617e6d164c07f6c821df
-
SHA512
3e7c5493cd0f1c2314f9bd971145fc0eb2994d082416da5d3e5e21e54ce5680356a69fd6e819e4c6e1d5eaeb42e4cdb67e66445512b4adc5ddfd22ab602f2452
Behavioral task
behavioral1
Sample
document-679517211.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
document-679517211.xls
Resource
win10v20201028
Malware Config
Extracted
http://nvrih26coxejl02enyfn.com/fera/frid.gif
Targets
-
-
Target
document-679517211.xls
-
Size
86KB
-
MD5
872ba2f87e7fec59d16b21d5e32e8998
-
SHA1
2b01eaf941703e63cb8fc41f298245cbc398258b
-
SHA256
50ce61238d00449cb50a1b66c5fb76766d35bd7ccaf8617e6d164c07f6c821df
-
SHA512
3e7c5493cd0f1c2314f9bd971145fc0eb2994d082416da5d3e5e21e54ce5680356a69fd6e819e4c6e1d5eaeb42e4cdb67e66445512b4adc5ddfd22ab602f2452
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-