General
-
Target
licence_WR123456789.xlsb
-
Size
237KB
-
Sample
210706-6fl7mft2ln
-
MD5
d4be0a085db10789f786807e0694f1bb
-
SHA1
dce0f13f8141409f4fa3919b1508df4aff69b445
-
SHA256
f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e
-
SHA512
b74838a7dbb9d0240ffb421763a0bce44ef6b3705236f27992e91409b8d6a5767a08077edb8ad6bc6f9a83c0e829de5189d4a3ed81d8584a8e7f9b617579d322
Behavioral task
behavioral1
Sample
licence_WR123456789.xlsb
Resource
win7v20210410
Behavioral task
behavioral2
Sample
licence_WR123456789.xlsb
Resource
win10v20210410
Malware Config
Extracted
Targets
-
-
Target
licence_WR123456789.xlsb
-
Size
237KB
-
MD5
d4be0a085db10789f786807e0694f1bb
-
SHA1
dce0f13f8141409f4fa3919b1508df4aff69b445
-
SHA256
f611aa0d43e504d3542d9533fbdff4c29d552d4aa57b64b63f63ba869f449e3e
-
SHA512
b74838a7dbb9d0240ffb421763a0bce44ef6b3705236f27992e91409b8d6a5767a08077edb8ad6bc6f9a83c0e829de5189d4a3ed81d8584a8e7f9b617579d322
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-