General
-
Target
Client_documents_access_1793-1029.xlsm
-
Size
85KB
-
Sample
210723-e7xcd967t2
-
MD5
e05574d2a2b00fc7b9862ad631ce3315
-
SHA1
b55f7933231453358bd4e0a033a8030595412b60
-
SHA256
6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d
-
SHA512
065d815ac37c355098345392f4ffe1793317e6cd55640f05229c2f1211b9a0dd0941844e7234a27986f8b6a48cb8de1aa883440c23be91450f6b1da9cb9c1468
Behavioral task
behavioral1
Sample
Client_documents_access_1793-1029.xlsm
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Client_documents_access_1793-1029.xlsm
Resource
win10v20210410
Malware Config
Extracted
http://162.248.227.39/first.php
Targets
-
-
Target
Client_documents_access_1793-1029.xlsm
-
Size
85KB
-
MD5
e05574d2a2b00fc7b9862ad631ce3315
-
SHA1
b55f7933231453358bd4e0a033a8030595412b60
-
SHA256
6cb9eff2c03a7064a655a6117cb62d4bf8694a6fab10588cac60b0781d60ca4d
-
SHA512
065d815ac37c355098345392f4ffe1793317e6cd55640f05229c2f1211b9a0dd0941844e7234a27986f8b6a48cb8de1aa883440c23be91450f6b1da9cb9c1468
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-