General
-
Target
Attachment_97680.xlsb
-
Size
197KB
-
Sample
210302-p4127nacxs
-
MD5
5906bbbde1afbe182c8d906242dc188a
-
SHA1
8aea80bc46a0e001d1aae1afeafe0efbff85c27d
-
SHA256
e3dca019f7423fad1343bf9c9b4f8fa993619ec82d6ca86995b3b4bd003ea106
-
SHA512
f713460396a6cc2a4dc3022a739675bd89fda582f9e8547e4572f610e61d7b511eb737b0a1cf4c5d29ac7f87bfc3213d8cefc75e5ce4b0d176dabfe7c9f97889
Behavioral task
behavioral1
Sample
Attachment_97680.xlsb
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Attachment_97680.xlsb
Resource
win10v20201028
Malware Config
Extracted
http://195.123.219.21/campo/t3/t3
Targets
-
-
Target
Attachment_97680.xlsb
-
Size
197KB
-
MD5
5906bbbde1afbe182c8d906242dc188a
-
SHA1
8aea80bc46a0e001d1aae1afeafe0efbff85c27d
-
SHA256
e3dca019f7423fad1343bf9c9b4f8fa993619ec82d6ca86995b3b4bd003ea106
-
SHA512
f713460396a6cc2a4dc3022a739675bd89fda582f9e8547e4572f610e61d7b511eb737b0a1cf4c5d29ac7f87bfc3213d8cefc75e5ce4b0d176dabfe7c9f97889
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-