General
-
Target
1467.xls
-
Size
58KB
-
Sample
210309-wawxw8mfnj
-
MD5
f2eec4ae2d39c71e890ec9c6363ad610
-
SHA1
6d3bfff05123301d943c0fb35075dd1db4c5b4cb
-
SHA256
f135df298eb26bce0e9adb00e2a619cf15e5f0cf2966c3200020c50d55c1bdf2
-
SHA512
cd9de0a26a408df3705b4b31665203dfa6d7839acc168f60c94f7327cce10925414e6be64980c113fabd27ff70a687e09c87a5b10ae67eef21f86173e4766988
Behavioral task
behavioral1
Sample
1467.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
1467.xls
Resource
win10v20201028
Malware Config
Extracted
https://derocktech.com/k.php
https://solemnenterprise.com/k.php
Targets
-
Target
1467.xls
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-