General
-
Target
morrisonmalldocument09.26.2022.doc
-
Size
866KB
-
Sample
220926-v7p28abec4
-
MD5
870c7b158f1a6783c45280c7f4267810
-
SHA1
0e4ca2f5ea12e26d7e2dfd2d890cdbf79c980761
-
SHA256
cb7b6d4c2ff89c0d673c3026033b840e8f766c11b7af0983cb0267392a01bc2d
-
SHA512
3df3e67bcb2b17e4e74fae16563dcfdc4de9a3a8639ba873cfdde6b2ee9dd68a24d772ecef38702dcb57e3be39621e05ea966244dc42ef6165ac819a783e46f7
-
SSDEEP
12288:0/VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DESDvHmYSz5S6daAMfe:0/V2jUeQRI5wPN/HvHmYe5S6YW
Behavioral task
behavioral1
Sample
morrisonmalldocument09.26.2022.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-