General
-
Target
Purchase confirmation-6232.xlsm
-
Size
186KB
-
Sample
210727-la7sa677e2
-
MD5
0c85b4bdd02961753b9a14cd9a75e945
-
SHA1
bbe0003a47b518f0ccc0d55c83328225b6b46b19
-
SHA256
32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9
-
SHA512
8eb9b5d868c9b907433e7422c2929b819fdfacc70c5eaa05cfadc2cb92c3a52699f95751af35b7936d42c98ec3075b0b9d94ab97533526218a4e14a6ef30e9cc
Behavioral task
behavioral1
Sample
Purchase confirmation-6232.xlsm
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Purchase confirmation-6232.xlsm
Resource
win10v20210410
Malware Config
Extracted
http://feedbackdownload.download/44389,7571259259.jpg
Targets
-
-
Target
Purchase confirmation-6232.xlsm
-
Size
186KB
-
MD5
0c85b4bdd02961753b9a14cd9a75e945
-
SHA1
bbe0003a47b518f0ccc0d55c83328225b6b46b19
-
SHA256
32e52d829bbde235d7d00c6c1752f7ee5114de97eee59b22957d0adfab84c9e9
-
SHA512
8eb9b5d868c9b907433e7422c2929b819fdfacc70c5eaa05cfadc2cb92c3a52699f95751af35b7936d42c98ec3075b0b9d94ab97533526218a4e14a6ef30e9cc
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-