General
Target: CompensationClaim_605614143_03152021.xls
Size: 233KB
Sample: 210315-hd8sfj8j6s
MD5: 40a0ac4f15fbdb21b9301283956afc03
SHA1: 5980ff25f008f5500d7f5733a181f77ae88b4a3f
SHA256: 1852801558498c3bbc67b028b592ba9444a4e687a7f67737a393ce3f756d8c87
SHA512: 8e7a23f4f86b36b2136e15e2692173db960963cdc41a15ddffd3b31c388c478eabfc1d50ba022920923df0d64987a2d812eb5056ccbcd5e1154a951a9fabef6e
Behavioral task: behavioral1
Sample: CompensationClaim_605614143_03152021.xls
Resource: win7v20201028

Behavioral task: behavioral2
Sample: CompensationClaim_605614143_03152021.xls
Resource: win10v20201028
Malware Config
Extracted
http://188.127.254.114/44270.7354857639.dat
http://185.82.219.160/44270.7354857639.dat
http://45.140.146.34/44270.7354857639.dat
Targets
Target: CompensationClaim_605614143_03152021.xls
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.