General
Target: ORDER 002110109A.xlsm
Size: 388KB
Sample: 211010-nyfc4afge3
MD5: fddb915231bd05bdb40250bd9ca9327a
SHA1: 95e69dffccc8c93611de153fd9993faefc4b0f5f
SHA256: 06e223bb2af0e00e3c5c7d2a0574e0cf69716f82432665221d49f62a8613b5ed
SHA512: da06766a2de1c0008ee9ed1d575bf8500a09ba511d056beb2c84e44ce7457d7e319c156695176de87247ca7faac68ea65af6216d47075f67341e6c2b61b13b43
Static task: static1
Behavioral task: behavioral1
Sample: ORDER 002110109A.xlsm
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: ORDER 002110109A.xlsm
Resource: win10v20210408
Malware Config
Extracted: http://transfer.sh/get/ii6Fqb/word.exe
Targets
Target: ORDER 002110109A.xlsm
Score: 10/10
Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
Async RAT payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext