General
-
Target
document-05.21.doc
-
Size
79KB
-
Sample
210510-s2wffgxhen
-
MD5
a14195c0b5228bdd64f6364af8fce367
-
SHA1
f27ec771c7b93a4fbef684e38acf9afcc37a1a61
-
SHA256
f1b68ba10435e560511fad7b9fc1f9e3d194ee4f633dc7f7c5a7c94db86314e0
-
SHA512
dd693b6573a7bcc01900b143d272613f4729f11fe13e5feb70f6e8bc2bfb826a9e3684b490b9cd20de625e164982a55dcb732b4cec8165073e13055f924e5057
Static task
static1
Behavioral task
behavioral1
Sample
document-05.21.doc
Resource
win7v20210408
Behavioral task
behavioral2
Sample
document-05.21.doc
Resource
win10v20210410
Malware Config
Extracted
icedid
1420117246
zasewartefiko.top
Targets
-
-
Target
document-05.21.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-