General
-
Target
subscription_1618592996.xlsb
-
Size
269KB
-
Sample
210416-b25s6zzsb2
-
MD5
e86b9229ec1b692dff17c074843d27da
-
SHA1
61598ee67b6f4f5ac01a5f0752dfe3324d00c66f
-
SHA256
6d6ff6f138defb2bb7602c08c1cb22930f5e30ef264eeaf760f99d4ca95beca7
-
SHA512
a8f9105ab7b360c492e0409d1d5b3912eba29fe2175036af676083a145f0a80b5924745d3b64b8ac82f499ac3c16df15c6650f30ea9bb006cca30931984e265b
Behavioral task
behavioral1
Sample
subscription_1618592996.xlsb
Resource
win7v20210410
Behavioral task
behavioral2
Sample
subscription_1618592996.xlsb
Resource
win10v20210408
Malware Config
Extracted
Targets
-
-
Target
subscription_1618592996.xlsb
-
Size
269KB
-
MD5
e86b9229ec1b692dff17c074843d27da
-
SHA1
61598ee67b6f4f5ac01a5f0752dfe3324d00c66f
-
SHA256
6d6ff6f138defb2bb7602c08c1cb22930f5e30ef264eeaf760f99d4ca95beca7
-
SHA512
a8f9105ab7b360c492e0409d1d5b3912eba29fe2175036af676083a145f0a80b5924745d3b64b8ac82f499ac3c16df15c6650f30ea9bb006cca30931984e265b
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Nloader Payload
-
Blocklisted process makes network request
-
Loads dropped DLL
-