General
-
Target
3572.xls
-
Size
59KB
-
Sample
210311-vj7hx8yj32
-
MD5
e80a7046b46c018961a88648f1f4b925
-
SHA1
86f92d518e7e7b565b6bcea41c4500c603687958
-
SHA256
951d0178fa25e42ca2bbd7f30e59936d98824a98c17e2abb766418fd4589b04d
-
SHA512
192b3da5129d7c440e66899a9ca30d83ce4ed8e41bb13ef01e12c92f954ebe3d53b9bf301ac610387a3e2654b14589d044cc00daed3ca8f18587aabf44e8fca3
Behavioral task
behavioral1
Sample
3572.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
3572.xls
Resource
win10v20201028
Malware Config
Extracted
https://derocktech.com/k.php
Targets
-
-
Target
3572.xls
-
Size
59KB
-
MD5
e80a7046b46c018961a88648f1f4b925
-
SHA1
86f92d518e7e7b565b6bcea41c4500c603687958
-
SHA256
951d0178fa25e42ca2bbd7f30e59936d98824a98c17e2abb766418fd4589b04d
-
SHA512
192b3da5129d7c440e66899a9ca30d83ce4ed8e41bb13ef01e12c92f954ebe3d53b9bf301ac610387a3e2654b14589d044cc00daed3ca8f18587aabf44e8fca3
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Deletes itself
-