General
-
Target
mohr4document09.26.doc
-
Size
866KB
-
Sample
220926-wj7g2abeh5
-
MD5
1421cff1d2bed5590ffe5c9073243cfe
-
SHA1
e0bd5496050a0f2e597127163b93c94f9149184a
-
SHA256
4d992810e9a05e27afabf2194cd04612dca0a738dc076778a56459cf97c6b9f1
-
SHA512
27251d0754d08766060a1cb62d67bfe2406ccd326a0da8fadc1d0b5812b2ae3374f0478d8f548a6f8517df2b75ede25a9b5923c64517c69608da2ad5ecdfc504
-
SSDEEP
12288:thL7VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEvtm9d/+CWSzv36htHTZ:7L7V2jUeQRI5wPN/+trWzit
Behavioral task
behavioral1
Sample
mohr4document09.26.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
mohr4document09.26.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-