General
-
Target
payment deposited.xls
-
Size
32KB
-
Sample
220818-g52rcaadfq
-
MD5
5ed3f5b6e47b32637675e7b1534a190f
-
SHA1
da9511f0790da2b3e44595ab5498e186d8994bc7
-
SHA256
6037abc3e0340b6af982c1e79e19093c3c802a166c78dc02069c42124713706f
-
SHA512
4f3bdadd4fa392359fc05d5eae74e8daa7c37aa70b249b10564292d55e4c7d7c4e646d65d8ff27c07aaa1c872f4f689a3a6d9c829cc2a157732ae363e1fe7552
-
SSDEEP
768:E6gk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJk5fYmHdCDK:wk3hOdsylKlgxopeiBNhZFGzE+cL2kd4
Behavioral task
behavioral1
Sample
payment deposited.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
payment deposited.xls
Resource
win10v2004-20220812-en
Malware Config
Targets
Target
payment deposited.xls
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-
Drops file in System32 directory
-