General
Target
b5873b2932ca2d24cf6fc82511aa40ba100936e15ed93cfe729a08bebfc2c819
Size
32KB
Sample
220417-3ey4esfhh7
MD5
99cb2c3015c0ecdd78dfa45de2e6909c
SHA1
6e770e9940d4b9611fe7585d565fab8868758972
SHA256
b5873b2932ca2d24cf6fc82511aa40ba100936e15ed93cfe729a08bebfc2c819
SHA512
7e99043833d6ff01ce1519d4a8e982a39e1730a69eded9218158b38d0c9a85a066465b50d11928f375bb627ff951938ed5872684d9342d97e3c24700e98d862f
Static task
static1
Behavioral task
behavioral1
Sample
08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0.xls
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0.xls
Resource
win10-20220414-en
Malware Config
Extracted
icedid
2493865931
ertimadifa.com
Targets
Target
08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0.xls
Size
32KB
MD5
3aa6bf4ed8c485717d767013d43f7cdb
SHA1
83ea9a8627819a7ba2ecad058f22e7f697256bc0
SHA256
08d30d6646117cd96320447042fb3857b4f82d80a92f31ee91b16044b87929c0
SHA512
db51c36533565f35b535fa4696a8992c2b1fa15cf93fb129c3ec740a394b6bff3cf43355e172c017f8ed762d99a73f2d157a0fb797cd827a228db39195652a5b
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL