General
Target: paym_approval_8909830.xlsm
Size: 118KB
Sample: 210720-68t9xkb7ye
MD5: 25740577bfb13e807aa64ac60ba6409d
SHA1: 66931af10b3c44062ba9b4be5a4574839db2928d
SHA256: 7ba924ed45ba93fc99b5391974ad4735df537ebb86d0da6d043f87ce3f019f38
SHA512: 039e501824858fadce4a93baf14ea61fa084183927943b5f741d72ca7c523dff387caf1420cd2c0f093b4793e70a94558fa046214b8edc7f662e5896a9ecf927
Behavioral task: behavioral1
Sample: paym_approval_8909830.xlsm
Resource: win7v20210408
Behavioral task: behavioral2
Sample: paym_approval_8909830.xlsm
Resource: win10v20210410
Malware Config
Extracted
http://162.248.225.95/d.php
Targets
Target
paym_approval_8909830.xlsm
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.