General
Target: jhazle doc 09.26.2022.doc
Size: 865KB
Sample: 220926-wmgqsabfb2
MD5: b1799c80394e1da12afd9f38d3293f90
SHA1: 3cef24ba7115e6f83071a4d951d189fc961d3337
SHA256: e2ba042f4194826bed8a8ba388dd26755cb76d5e82811f86e418f377b6fc3791
SHA512: 99c3abc32a72f9a02dbf7831915f76e176aac71b9af16b6fa1de87f0d0fd8f5bfc5b570ed53b4bcad76d1afa32499a8d4a2235770378a6ff4c4020f16e32cb14
SSDEEP: 12288:g2VE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DErPFhhhJ3sJAibNfI:rV2jUeQRI5wPN/wP1hJy/ZA
Behavioral task: behavioral1
Sample: jhazle doc 09.26.2022.docm
Resource: win7-20220812-en
Malware Config
Extracted
icedid
742081363
Extracted
icedid
742081363
scainznorka.com
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-