General
-
Target
midday-invoice-09.26.22.doc
-
Size
866KB
-
Sample
220926-v3pwnabeb3
-
MD5
b6debba043c77e3ff010ad5c197a8d3c
-
SHA1
a05522b3ac8efcd36c0248a9164dd0c1a9f1e456
-
SHA256
1c54e6547719dd745928ee44e318e98f4b9e5603f70648c53f8efe3587e7c6bf
-
SHA512
93f8cb87906b96d67954008cb49f89b7bebf8b7347ddf749b15cb707db750961b867d072cb9a565c13e4be8c21fd0f7a9d98eb3984447556bd0ddcf5d08b631c
-
SSDEEP
12288:h3wfVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEGv6U0DDK2HiFH6dyf:FaV2jUeQRI5wPN/ZiUiDKiy6gf
Behavioral task
behavioral1
Sample
midday-invoice-09.26.22.docm
Resource
win7-20220901-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
Target
midday-invoice-09.26.22.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-