General
Target: cancel_sub_JPL12345678901234.xlsb
Size: 241KB
Sample: 210518-y1e2nhs97e
MD5: b4a0b38ff2bd7619e42c0f1d1fb0171b
SHA1: c0e61bcc7139bc2342e5a9eb9a2bc056c475624d
SHA256: 3cc4948d4d3cac89a74284ae4dc49d177b834f295e9f767a46dcd73726b7239d
SHA512: 8830468a4f8ee1032abe7ede05fdc11fb592355c81447bf0d65b995a6d6a55fc399025084bb74bb7f4b52a14ee7a2ea79a2100480222c1da95e19b3b4a59cff5
Behavioral task: behavioral1
Sample: cancel_sub_JPL12345678901234.xlsb
Resource: win7v20210408
Behavioral task: behavioral2
Sample: cancel_sub_JPL12345678901234.xlsb
Resource: win10v20210410
Malware Config
Extracted
Targets
Target: cancel_sub_JPL12345678901234.xlsb
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Nloader Payload
Blocklisted process makes network request
Loads dropped DLL