General
-
Target
Item_positions_invoice_508667.xlsm
-
Size
83KB
-
Sample
210720-xf38qq5b82
-
MD5
ed4e10134affdf7a15f68622644d9e37
-
SHA1
456b755f94ae1e30b0942b16fb1fbb6253e1d306
-
SHA256
64de7c2fcf041d8db827181f9fd1918521b7d1bc81473b31cd466d1640ca7781
-
SHA512
d6d3f812bfc2f44642ad8d8426863c6235c883f53e063883f4392f9f3ddc85b4773481fb12e097394f6d89017084847ef98072271f781c83a15d2f99d10e425d
Behavioral task
behavioral1
Sample
Item_positions_invoice_508667.xlsm
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Item_positions_invoice_508667.xlsm
Resource
win10v20210410
Malware Config
Extracted
http://162.248.225.97/1.php
Targets
-
-
Target
Item_positions_invoice_508667.xlsm
-
Size
83KB
-
MD5
ed4e10134affdf7a15f68622644d9e37
-
SHA1
456b755f94ae1e30b0942b16fb1fbb6253e1d306
-
SHA256
64de7c2fcf041d8db827181f9fd1918521b7d1bc81473b31cd466d1640ca7781
-
SHA512
d6d3f812bfc2f44642ad8d8426863c6235c883f53e063883f4392f9f3ddc85b4773481fb12e097394f6d89017084847ef98072271f781c83a15d2f99d10e425d
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-