General
-
Target
prescribe -05.21.doc
-
Size
79KB
-
Sample
210507-gmj137lkja
-
MD5
f783dd95bc127688cb406fe0d5d01ff0
-
SHA1
45ca3a0c157b8b2a38d5b20f1dd6963bb5d36a64
-
SHA256
e3ca77e541cc28d492ff279b51d97a81a1f46a73aac808e3b7f5d4952850e3d0
-
SHA512
c6dc3e33103f569a42c0f9033c099253fa94bf7570fed0d54b4d829486e72d8adb9cffb397dd33506ad98f30471ec6d31135efaa29bc9c147921b19ca7caf12d
Static task
static1
Behavioral task
behavioral1
Sample
prescribe -05.21.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
prescribe -05.21.doc
Resource
win10v20210408
Malware Config
Extracted
icedid
1436894865
zasertiokil.top
Targets
-
-
Target
prescribe -05.21.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-