General
Target: rule.05.21.doc
Size: 75KB
Sample: 210504-3m6vtddy3j
MD5: b946e5876bfe78898077a1af8f623ef7
SHA1: 8c7e0eed137eaa082dfe0d8b3f7429cc10e35da2
SHA256: 718ace8dedfa4d43286f7749d11096f65e18fd48581c7e274d96fd958eb3ffda
SHA512: 8596a28d549d6fe6997aebdd73b7afdf63a67a15dd8d3ff27b4e7ed439f61d3afd92f718f782466be00b140bd4849f963fb3adc086cefa3dd35afbaed4968e07
Static task: static1
Behavioral task: behavioral1
Sample: rule.05.21.doc
Resource: win7v20210410
Behavioral task: behavioral2
Sample: rule.05.21.doc
Resource: win10v20210410
Malware Config
Extracted
icedid
3042509645
barcafokliresd.top
Targets
Target
rule.05.21.doc
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL