General
-
Target
cancel_sub_JPL12345678901234.xlsb
-
Size
260KB
-
Sample
210519-hce37drhmx
-
MD5
80fdec003c86c583473a9fbbabf40d2f
-
SHA1
991940040a50a0be56572e4a9ab73d6d4dbab050
-
SHA256
49e315aa89bf10972518c3069a767c869bbf7027c298afd11ab21040285b3f9e
-
SHA512
022475db6593d15bdcc1411f7c3b88a8822311f621506401ad3ba33ddc2a52ae6e97e4357e3742bf59ef287c033f5363cb5d2021be793d5552a3a8b73b85cfa5
Behavioral task
behavioral1
Sample
cancel_sub_JPL12345678901234.xlsb
Resource
win7v20210410
Behavioral task
behavioral2
Sample
cancel_sub_JPL12345678901234.xlsb
Resource
win10v20210410
Malware Config
Extracted
Targets
-
-
Target
cancel_sub_JPL12345678901234.xlsb
-
Size
260KB
-
MD5
80fdec003c86c583473a9fbbabf40d2f
-
SHA1
991940040a50a0be56572e4a9ab73d6d4dbab050
-
SHA256
49e315aa89bf10972518c3069a767c869bbf7027c298afd11ab21040285b3f9e
-
SHA512
022475db6593d15bdcc1411f7c3b88a8822311f621506401ad3ba33ddc2a52ae6e97e4357e3742bf59ef287c033f5363cb5d2021be793d5552a3a8b73b85cfa5
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Nloader Payload
-
Blocklisted process makes network request
-
Loads dropped DLL
-