General
Target: attached (11).zip
Size: 14KB
Sample: 210304-bh4l3lx742
MD5: c4f6b1428e7bb311d0655b78191cd805
SHA1: c0ba4c0d61f0ec3dbdc2a10a129be29b4b39b705
SHA256: e94e260bed7472c40f90594cd6f9c6b3adbd27b1da1f4e8d0280d15c52984a36
SHA512: c0dd68a0f1ef050dabcc8f6ed25fed6b4e386b5e5bf0e5c934b0a4ad0b915328edaf64c10ab4d3f0b5d034e5425f5c1fb1acada1a581c9ba2ca268998766cd0d
Behavioral task: behavioral1
Sample: document-1364257063.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: document-1364257063.xls
Resource: win10v20201028
Malware Config
Extracted
http://etysu02scnabr03wzaxue.com/index.xls
Targets
Target: document-1364257063.xls
Size: 86KB
MD5: 7e5a066d793ba1d7c79c2cc159213251
SHA1: 62388b55e9f6157d3f31554ab93310dab4483b25
SHA256: 04bb4b5d089c38d80eb0a980aeb8fb0ed4a192027871e3d6bf1431bdd9c8137d
SHA512: 1f7937ab7a1ec79b1164da458a06385b45cae5214d2aa4d096b4f1f19d6d7897eb61a7da624f2d968bd97d512f074c13fb3c2b8f2d70d215ff440c997422d65a
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.