General
-
Target
kingwoodcable.invoice.09.26.doc
-
Size
866KB
-
Sample
220926-wd1gjabef6
-
MD5
ff498b50a55ad54e3c8eaf1f8810edb8
-
SHA1
8bbb45b152c041d7054d9443a53f37264ce24dd7
-
SHA256
06f6b95cd39e770e937dcb94a0a2f11f46fa4500eeaf08e4be270e501ecf7584
-
SHA512
7e346a207609bfa15d388d762ea34a91a431a0d247a703965097e6196bb4f4704e359089cd76ed1d80e5b797e85ac48ad0ba71d909175d23a6cf77030b6ff950
-
SSDEEP
12288:PzYVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEQCibMbr+9f8zAgo64f:PzYV2jUeQRI5wPN/aiwrk8e3f
Behavioral task
behavioral1
Sample
kingwoodcable.invoice.09.26.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-