General
-
Target
71104249411-05132021.zip
-
Size
150KB
-
Sample
210513-yg8kjvjkl2
-
MD5
b3b041f438fe3f44cc0a566dee91e44f
-
SHA1
3ef91622ffc97e03f5e9d8617ec9c6e847219f01
-
SHA256
71243aa303a229d55c0f78decfffc631a40524f309bda645fda46fa0a9d55b56
-
SHA512
8bfe7206f5f193cf24acce39d4d2cabfd1ac780f01633e727f047026a7865134f123a754e879d54cb59c00ce0bcb1acb50a308b2e6fa0623ee9b68b79f8ec8d9
Behavioral task
behavioral1
Sample
71104249411-05132021.xlsm
Resource
win7v20210410
Behavioral task
behavioral2
Sample
71104249411-05132021.xlsm
Resource
win10v20210410
Malware Config
Extracted
http://91.211.91.85/44329.6777201389.dat
http://190.14.37.65/44329.6777201389.dat
http://185.14.29.217/44329.6777201389.dat
Targets
-
-
Target
71104249411-05132021.xlsm
-
Size
197KB
-
MD5
84821ed2ca0bd77624d0c82b7aaf01d7
-
SHA1
bb5bb5e57bd1daa6633ef86bb13c077f1bf30fc8
-
SHA256
179a0be3b59ab9d37abc006ccca6a8b394b83ffdce38bf506b8ea75c16bc313a
-
SHA512
c2a78586a4c3bc59d57b8ac7a4a3d4ca199ab65eb208f9e86aad3d0533aa2beb4684cb9856f7f1fa1e5bc744661b50d17b7a4e177f0de425727baf00222d3095
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-