General
Target: figures-12.21.doc
Size: 33KB
Sample: 211201-2k1zjagefk
MD5: 7fd923b0c4fb883cddce74ef1ab2233e
SHA1: 0c4dcb95f799c8b6fe5c61ad8e5b5d02caab97ec
SHA256: aa31b5173d6dea75cd81623d5cdd463db3cfb98c23c72fefe588a7d6ed41dae1
SHA512: cb065f10a801f64e95f42783439b662758ced10455c0242ae3924a2e012db7d5ca5abe6e5172e46d6faf14a30f0db1c8dc7cd03a896a9dcd28fc4fdb40aac713
Static task: static1
Behavioral task: behavioral1 (sample figures-12.21.doc, resource win7-en-20211104)
Behavioral task: behavioral2 (sample figures-12.21.doc, resource win10-en-20211014)
Malware Config
Extracted family: icedid
Campaign ID: 1892568649
C2: normyils.com
Targets
Target: figures-12.21.doc
Size: 33KB
MD5: 7fd923b0c4fb883cddce74ef1ab2233e
SHA1: 0c4dcb95f799c8b6fe5c61ad8e5b5d02caab97ec
SHA256: aa31b5173d6dea75cd81623d5cdd463db3cfb98c23c72fefe588a7d6ed41dae1
SHA512: cb065f10a801f64e95f42783439b662758ced10455c0242ae3924a2e012db7d5ca5abe6e5172e46d6faf14a30f0db1c8dc7cd03a896a9dcd28fc4fdb40aac713
Score: 10/10
Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
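The first and third signatures above are process-tree and network heuristics. As an added example (not part of this report and not the sandbox's own detection logic), the Python below replays both over constructed Sysmon-style records: event 1 for process creation and event 3 for outbound connections. The Office parent list, the allowlist of expected Office children and the blocklist of network-capable LOLBins are assumptions for illustration, and the sample events are constructed; they do not describe what this particular document did.

```python
"""Replay two sandbox-style signatures over constructed process and network
events. Allow/block lists are assumptions for this example, not a vendor's rules."""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children an Office process is expected to spawn (assumed; tune per estate).
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe", "dw20.exe", "werfault.exe"}
# LOLBins that have no business opening outbound connections (assumed list).
BLOCKLISTED_NETWORK_IMAGES = {"regsvr32.exe", "rundll32.exe", "mshta.exe",
                              "wscript.exe", "cscript.exe", "certutil.exe"}


def image_name(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_ancestor(pid, procs):
    """Walk the parent chain for pid; return the first Office image met, else None."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        name = image_name(procs[pid]["image"])
        if name in OFFICE_PARENTS:
            return name
        pid = procs[pid]["parent_pid"]
    return None


def detect(events):
    """Return one finding per signature hit, in event order."""
    procs = {}      # pid -> the event-1 record that created it
    findings = []
    for ev in events:
        if ev["id"] == 1:                      # process create
            procs[ev["pid"]] = ev
            child = image_name(ev["image"])
            parent = image_name(ev["parent_image"])
            if parent in OFFICE_PARENTS and child not in EXPECTED_OFFICE_CHILDREN:
                findings.append({
                    "signature": "Process spawned unexpected child process",
                    "pid": ev["pid"],
                    "detail": f"{parent} (pid {ev['parent_pid']}) -> {child}",
                })
        elif ev["id"] == 3:                    # network connect
            name = image_name(ev["image"])
            if name in BLOCKLISTED_NETWORK_IMAGES:
                findings.append({
                    "signature": "Blocklisted process makes network request",
                    "pid": ev["pid"],
                    "detail": f"{name} -> {ev['dest_ip']}:{ev['dest_port']}",
                    # Ancestry ties the network hit back to the document process.
                    "office_ancestor": office_ancestor(ev["pid"], procs),
                })
    return findings


# Constructed sample (not from the report): Word launches cmd.exe, which
# launches regsvr32.exe, which then calls out. chrome.exe is benign noise.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
EXPLORER = r"C:\Windows\explorer.exe"
CMD = r"C:\Windows\System32\cmd.exe"
REGSVR = r"C:\Windows\System32\regsvr32.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

SAMPLE_EVENTS = [
    {"id": 1, "pid": 100, "image": EXPLORER, "parent_pid": 4, "parent_image": "System"},
    {"id": 1, "pid": 200, "image": WORD, "parent_pid": 100, "parent_image": EXPLORER},
    {"id": 1, "pid": 201, "image": r"C:\Windows\splwow64.exe", "parent_pid": 200, "parent_image": WORD},
    {"id": 1, "pid": 300, "image": CMD, "parent_pid": 200, "parent_image": WORD},
    {"id": 1, "pid": 301, "image": REGSVR, "parent_pid": 300, "parent_image": CMD},
    {"id": 1, "pid": 400, "image": CHROME, "parent_pid": 100, "parent_image": EXPLORER},
    {"id": 3, "pid": 400, "image": CHROME, "dest_ip": "198.51.100.20", "dest_port": 443},
    {"id": 3, "pid": 301, "image": REGSVR, "dest_ip": "203.0.113.5", "dest_port": 443},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Running the block reports two findings: the cmd.exe child of WINWORD.EXE, and the regsvr32.exe connection with its Office ancestor resolved through the intermediate cmd.exe. The splwow64.exe child and the chrome.exe connection are not reported. In production the same logic would consume real Sysmon or EDR telemetry rather than the embedded records.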