General
-
Target
nntcinvoice09.26.doc
-
Size
866KB
-
Sample
220926-xcbmfschbm
-
MD5
a950f27b577e9c0ca10048248c81637a
-
SHA1
5d53103a58c6f3de33baf24a42a9ea582e82ba9a
-
SHA256
96f4b5d7a36e0beb974712736292680ab6371df4c167914fe6570fbbabf19aa0
-
SHA512
aa7a2a1f6fba7929cb4b35d69561e064563b206587f373c4f44dd86c01fe6ee25a0ed549b274aca80536dc90794c6f226b80639d579c2e0666b21f0b39793858
-
SSDEEP
12288:zVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DE1mo/az5B9c6dH:zV2jUeQRI5wPN/Bo/m5B9cC
Behavioral task
behavioral1
Sample
nntcinvoice09.26.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
Target
nntcinvoice09.26.doc
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-