General
Target: midwestorthotics.invoice.09.26.22.doc
Size: 866KB
Sample: 220926-ws6l4abfd3
MD5: 5971fa63da7aab926fc419ea95dff008
SHA1: e0cc4870870e167928bbc655215386407e08771c
SHA256: ea153aab8f9073d6bc3552d78cb0d0fc57a80cbdb437d9d9ffd6e3629d63b19f
SHA512: 5cdc2bff166e063ceb569f2f03f39d94a51769a5c43d415089c56e199de023630414bef803830a795d13b03290ae5175e77a054946ded07af9d459437c657182
SSDEEP: 12288:uVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEJHNxCSzvl9WDD:uV2jUeQRI5wPN/2Hpz994D
Behavioral task
behavioral1
Sample
midwestorthotics.invoice.09.26.22.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
Target
midwestorthotics.invoice.09.26.22.doc
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL