General
Target: manickbag,invoice,09.26.doc
Size: 867KB
Sample: 220926-wdz6rsbee9
MD5: e3f31139ce0af4942c97f98c2e49030f
SHA1: c8be02d711d37ac68b18cfb7b9158b7df914117c
SHA256: cff784097a93c27539c5cd51c1ff2073fcc45a9dd72209f9c11ad14f034bbf01
SHA512: 3995f275022325e08e824406849792b568d8836264763d8a4d5c3cc2ba4b8dd55652697d62f3b8321b4a8706ad13f232102fe14c17bf92dff63492e178c3a68d
SSDEEP: 12288:2KVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE/M/yuuV+XHfzPdiYKY4:3V2jUeQRI5wPN/3yVV+XHL4
Behavioral task: behavioral1
Sample: manickbag,invoice,09.26.docm
Resource: win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
Target: manickbag,invoice,09.26.doc
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL