General
-
Target
InvoiceNo_8041766.ppt
-
Size
82KB
-
Sample
210813-fnjyawq6ws
-
MD5
c27b99ba1c1e0e88a8362fd5b9193499
-
SHA1
4aa04165daad8a8827d39067b117c2a81399f87d
-
SHA256
c9eef29af749ee4e022d0852bfec6b85a382cb50d0dfcab2eeed1a89499fde48
-
SHA512
8c7c17959905a83b503d5a1892a9950399ae6d1f0b4859a4b2cfaf0c0bb176cebf64d9992b93d5b32d8aca95dff13821303ad5d234109f65de4ac03fdc80a892
Static task
static1
Behavioral task
behavioral1
Sample
InvoiceNo_8041766.ppt
Resource
win7v20210410
Behavioral task
behavioral2
Sample
InvoiceNo_8041766.ppt
Resource
win10v20210410
Malware Config
Targets
-
-
Target
InvoiceNo_8041766.ppt
-
Size
82KB
-
MD5
c27b99ba1c1e0e88a8362fd5b9193499
-
SHA1
4aa04165daad8a8827d39067b117c2a81399f87d
-
SHA256
c9eef29af749ee4e022d0852bfec6b85a382cb50d0dfcab2eeed1a89499fde48
-
SHA512
8c7c17959905a83b503d5a1892a9950399ae6d1f0b4859a4b2cfaf0c0bb176cebf64d9992b93d5b32d8aca95dff13821303ad5d234109f65de4ac03fdc80a892
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-