General
-
Target
monomoyislandferry document 09.26.22.doc
-
Size
866KB
-
Sample
220926-wfrx6sbeg4
-
MD5
890805470da9015f646b59db0a19e26f
-
SHA1
66266a1d0a3215c097913a8470e57bb6569c2e1f
-
SHA256
81c6bbed61f2ef06c3a64d623a882a9f5d83cf35aa63ee9d90b74af72122d30f
-
SHA512
87792fa56af5da734cf45b386fb2b00e3a550fdeeb33ce0c10b22f9e0a97286af51bf317865649447c983caa435bbd5ce6be91be047b32ddaeec9dfec8a45e69
-
SSDEEP
12288:AdVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE9vHNxTp/G7obb9f8xom:AdV2jUeQRI5wPN/sHVGs58um
Behavioral task
behavioral1
Sample
monomoyislandferry document 09.26.22.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-