General
Target: Positions_invoice-103246.xlsm.zip
Size: 67KB
Sample: 210720-ww4cxkyxa6
MD5: b786a9417765e7e44d69e329ef7d7ae3
SHA1: 2b5c3115927762c24fe7e41e425e8bf34b3f512f
SHA256: cffc0806fb0efc64d3c551f790e1e2694f53a768cebd43949d976c0546afc6cd
SHA512: 04fbee3340454613e23a85868e066cfe82f5b38efa317cc74d2ab0ea4562fb871f8fdb6ea0689d41e66809badf979e54f3504eecd535a3c28ddbb73cbfc2957e
Behavioral task: behavioral1
Sample: Positions_invoice-103246.xlsm
Resource: win7v20210408
Behavioral task: behavioral2
Sample: Positions_invoice-103246.xlsm
Resource: win10v20210410
Malware Config
Extracted: http://162.248.225.97/1.php
Targets
Target: Positions_invoice-103246.xlsm
Size: 83KB
MD5: 2f02b14db12e5adedb47836517a12821
SHA1: 499fd76b033981e9ffc9ff28672c819c49920990
SHA256: bd767a4f421a11cd8cf5376a57a6d805f01cdcab19b0a99c118b171d122e81a1
SHA512: 1954d749422059f3b3cffa7a70201a96cda57855a91e9db0fc690562976a8f90b5709df1ea973d24e5aa82d1f25ed5ad27418328da64c7d4442a6ee3010ac5fa
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.