General
Target: intelligence,05.06.21.doc
Size: 75KB
Sample: 210506-yvaflty43s
MD5: b099701b7b7724a72a02fd847bc8fe70
SHA1: 2385b9d3aa12d4c7ed4b8601cfeede5c445f0d1a
SHA256: 83dbeb39be0b373bc8ea3c34c2ea78c5750a48bc1ac7699c84890f30e8e912bc
SHA512: 8831d6304a1d748446f05e68af008d22c711881fa44214509aa16aec935afc5eeb66a7db9e1c7a275a69479985d263d7e5408fc95a327e1c1ae08c48784c1d8b
Static task: static1
Behavioral task: behavioral1
Sample: intelligence,05.06.21.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: intelligence,05.06.21.doc
Resource: win10v20210410
Malware Config
Extracted
icedid
2941843931
barcafokliresd.top
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL