General
Target: request.doc
Size: 519KB
Sample: 220322-v8wldsgea8
MD5: 1433886577ad04dd268d82d92e031fd2
SHA1: fd8010620f1628d602804778b5f5281da5144d35
SHA256: 0f3ea635c48dba38f3602aa302e2581fef545372e81a5e372d68ca709f2db7f9
SHA512: a60f6c491ede2d84fb2a70bd0e2ab1364fe7668fed55fb99dd7b0a42f9309dbc9258421088d9c853a172a29a9a7a00d4553f5ba54720b916759d5220d2587b6f
Static task: static1

Behavioral task: behavioral1
Sample: request.docm
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: request.docm
Resource: win10v2004-20220310-en
Malware Config
Extracted
icedid
1832122140
rivertimad.com
Targets
Target: request.doc
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL