General
-
Target
mytheatreacademy,doc,09.26.2022.doc
-
Size
866KB
-
Sample
220926-ws6l4acgbp
-
MD5
4f4c0eef484c7b982f5dcd1f736fafd2
-
SHA1
70aa3ae957e438620a7ce8e7e44ea3bd78951696
-
SHA256
da53ec50385bd308bdae8095edde4f87b59f490ee31c91eecaeebf045a299747
-
SHA512
17ce467372b902ee8a0785ee8d593b1fdf3663ca5ad7cf123c760076e1336ec96d7966186c38200d315a4aabff6a6deb2420cd32b22db89e79cd62b40255772a
-
SSDEEP
12288:CpXVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEeGAkz5W6dg2oT:CpXV2jUeQRI5wPN/1D45W6SZT
Behavioral task
behavioral1
Sample
mytheatreacademy,doc,09.26.2022.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
-
Target
mytheatreacademy,doc,09.26.2022.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-