General
Target: jnrcom file 09.26.doc
Size: 865KB
Sample: 220926-x9gvqsdaaj
MD5: 8e7bcbb33d896f70960bb5d86e0922ab
SHA1: 9f9176c2b7d1f502bd2c41aa65d5a1f9d66a26f4
SHA256: f42c62d9eba4fffe26c0ee87116c53cc91610f98b9c3625819d60c8502b74986
SHA512: 5635c0e2354c310731287c2768934a1c9e59c0d045df4a3ff1a07247213d5266953f48e106d4dc61d90bdd61c6f138550910136ba9c99adf23e714de4802e2e0
SSDEEP: 12288:qVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DESSBdXn7f+GxZBT2Wcc:qV2jUeQRI5wPN/SHfHXT2WT
Behavioral task: behavioral1
Sample: jnrcom file 09.26.docm
Resource: win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL