General
Target: net-incomminvoice09.26.doc
Size: 866KB
Sample: 220926-wfrx6scfgj
MD5: a1d1744bb2396c4a25163e8f93f4494e
SHA1: 641146ee5bb50b6eb8687cf4d5d6cbc39e9f1d8a
SHA256: 297216dc24f4d311ab548ded700e850ed72aebcbff60e9a21574f9b651b33273
SHA512: 0ecaba65711c79113b78c505dd70b8b1416d2071404e15382f3c9c8d00f205b79d61c7565afba5075b0763e9bf7d14c5e2d1db274b937b7f0901fd097a906774
SSDEEP: 12288:QtVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEmYA+JWmDuiAMf7:QtV2jUeQRI5wPN/ZZ+zq6D
Behavioral task: behavioral1
Sample: net-incomminvoice09.26.docm
Resource: win7-20220901-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
Target: net-incomminvoice09.26.doc
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL