General
Target: 3432.xlsx
Size: 133KB
Sample: 220712-ryapdsebfj
MD5: 53ca1cb055fc378db64fb5da2be2dffe
SHA1: 660385a656c78e079c9c5969c6cb8a490d2271df
SHA256: dccbc6302f527a55848059cfbd9345e9697dfd9ce1a010b620c12a56db76e062
SHA512: 66442c4f67edc443143298418ac87a635dfd1a5613e2cc48fc3a5d449b2124a1ed9a5d4d75df723fe5ae239f2d49f3a517612268ab864a8eefd9995902a03a86
Static task: static1
Behavioral task: behavioral1 (Sample: 3432.xlsx, Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: 3432.xlsx, Resource: win10v2004-20220414-en)
Behavioral task: behavioral3 (Sample: decrypted.xlsx, Resource: win7-20220414-en)
Behavioral task: behavioral4 (Sample: decrypted.xlsx, Resource: win10v2004-20220414-en)
Malware Config
Targets
Target: 3432.xlsx
Size: 133KB
MD5: 53ca1cb055fc378db64fb5da2be2dffe
SHA1: 660385a656c78e079c9c5969c6cb8a490d2271df
SHA256: dccbc6302f527a55848059cfbd9345e9697dfd9ce1a010b620c12a56db76e062
SHA512: 66442c4f67edc443143298418ac87a635dfd1a5613e2cc48fc3a5d449b2124a1ed9a5d4d75df723fe5ae239f2d49f3a517612268ab864a8eefd9995902a03a86
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Target: decrypted
Size: 125KB
MD5: 32de988dac33588f013a37a83521a265
SHA1: 13f646dff9f54c52a535b03bf0a1ba803f9eadf8
SHA256: 54e48efba5879846c7fece3d715d474532dc23fbe321b7d72d1c473c04a4fee8
SHA512: c9a718b9560336359fb483952d55c04ad583b257761994228e811912de7d1fa499c51794ed532a501004975545444204c4137800d04441a3843d8b5c8b7066fa
Legitimate hosting services abused for malware hosting/C2