General
Target
direct 05.21.doc
Size
79KB
Sample
210506-5sxf7l7c1e
MD5
dbedb87ba150b3ceae4ac1036fe3c9bd
SHA1
711ebf4c3910d2d91a5a13024aec23a47bde7d97
SHA256
26903fb6387161be921360f3803668c1d86a277dee246323bf1e11ed972641b4
SHA512
e042d7b3e4249273afac112a0a8d5d9c43d648ab821e9b0031cb15e4487ed92e118c855fd5dba1e45ba9029012ea2d6789f4bb869b3f0b862ca55434c4526574
Static task
static1
Behavioral task
behavioral1
Sample
direct 05.21.doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
direct 05.21.doc
Resource
win10v20210410
Malware Config
Extracted
icedid
2941843931
dsedertyhuiokle.top
Targets
Target
direct 05.21.doc
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Suspicious use of NtCreateProcessExOtherParentProcess
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL