General
-
Target
koppdesign.invoice.09.26.2022.doc
-
Size
867KB
-
Sample
220926-wfrx6scffn
-
MD5
b60773f08e36964d7613ec7e24e7f11a
-
SHA1
9ff60d3f1100b7d368b7f72d0b7c56cd7afd3cb3
-
SHA256
f21f2c15e99a4701452813233b3b5b8a20caf54e6185bf25d4dc733b12eb6426
-
SHA512
268c531320ac82968c62d915ba6c0da201905623d77fc82d0ffd2e43693dfa828302def2ffc3b710369326eed97dd0bdb0a33289d81bac05c78573f60bf9bd75
-
SSDEEP
12288:lgVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE28huuV+/3P6OOssaxso:mV2jUeQRI5wPN/DYVV+6sNT
Behavioral task
behavioral1
Sample
koppdesign.invoice.09.26.2022.docm
Resource
win7-20220901-en
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
koppdesign.invoice.09.26.2022.doc
-
Size
867KB
-
MD5
b60773f08e36964d7613ec7e24e7f11a
-
SHA1
9ff60d3f1100b7d368b7f72d0b7c56cd7afd3cb3
-
SHA256
f21f2c15e99a4701452813233b3b5b8a20caf54e6185bf25d4dc733b12eb6426
-
SHA512
268c531320ac82968c62d915ba6c0da201905623d77fc82d0ffd2e43693dfa828302def2ffc3b710369326eed97dd0bdb0a33289d81bac05c78573f60bf9bd75
-
SSDEEP
12288:lgVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE28huuV+/3P6OOssaxso:mV2jUeQRI5wPN/DYVV+6sNT
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-