General
Target: request.zip
Size: 45KB
Sample: 211202-tqzdwsadck
MD5: a9d13246b6bb52ab53e300e162e3019f
SHA1: a3d1dff894996728f2bbf05321f62c648534ea98
SHA256: 79fa73cfba9fb4166fd901bc586dd610bf76a1827c04ce2bfb37fbb5145675b3
SHA512: e5ba81db8281365142d770c07592087146c3e65a2ccb966eef039d2c2d4fb1d6342fea9552aff1e321999bc9e817f71510b5e6095492b7f748a78c132367ecf4
Static task: static1
Behavioral task: behavioral1
  Sample: intelligence 12.21.doc
  Resource: win7-en-20211104
Behavioral task: behavioral2
  Sample: intelligence 12.21.doc
  Resource: win10-en-20211014
Malware Config
Extracted (icedid): 1892568649, normyils.com
Targets
Target: intelligence 12.21.doc
Size: 33KB
MD5: 68cc58645c17688d9e5b6ecaa2bc458c
SHA1: 6bbbdf868985598822c1d656b4ee187e4ea239bb
SHA256: 35f2333a1ecf5b8111c1297391058d104f601f4f0e8006d672d25226ec50e9b5
SHA512: 7ca9b985cfec02bda405c55b39d76e529c2e80e08068fe4d3a2de8c0b5c3fe5f0c8a3c139e5a3e402755bedf72be4181a002fcc0ed5b7f1a73eb797f04913bd7
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
suricata: ET MALWARE Win32/IcedID Request Cookie
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL