General
-
Target
GFT_822286282_687395985.xls
-
Size
188KB
-
Sample
210304-tz7trdyl72
-
MD5
999288814f2399e599e458fdba0fa334
-
SHA1
3b7872616a33fcabdfe1655144bd130c5f2963cc
-
SHA256
bab6b7f6a10c835f8e38bde21d9420bbab615be6563a15404323033dc386fea3
-
SHA512
fde60138e35368cc846bb5cf0e1bd6323d63b5a81d773618d88c39dfe9683b30614d5464141955c60d1deeafc0cf6eb0cf0e24c8eaff3898acea35de710fa254
Behavioral task
behavioral1
Sample
GFT_822286282_687395985.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
GFT_822286282_687395985.xls
Resource
win10v20201028
Malware Config
Extracted
http://davidachim.com/wpold/document.php
Targets
-
-
Target
GFT_822286282_687395985.xls
-
Size
188KB
-
MD5
999288814f2399e599e458fdba0fa334
-
SHA1
3b7872616a33fcabdfe1655144bd130c5f2963cc
-
SHA256
bab6b7f6a10c835f8e38bde21d9420bbab615be6563a15404323033dc386fea3
-
SHA512
fde60138e35368cc846bb5cf0e1bd6323d63b5a81d773618d88c39dfe9683b30614d5464141955c60d1deeafc0cf6eb0cf0e24c8eaff3898acea35de710fa254
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-