General
Target: myfairpoint,invoice,09.26.doc
Size: 866KB
Sample: 220926-yz4r7adaek
MD5: eec43702fc1e37c0375c8f2347fa382c
SHA1: 6f8d713ece3cab297697a9d39b683ea8a88afcd3
SHA256: cf87fceb65b025e6f9f824496762f234ea3e043b8b4150df251d28cc80aaa1a2
SHA512: 46e040ab0f56ab29d72f3b0913d695ff361cfde89b084d0419c508d84ae55c9f397e4eb0672c922bd298d187b7f6e30a2cff06a916190c98404cb8ef036b4d1f
SSDEEP: 12288:yVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DER9d/+Ctz59prrhFH:yV2jUeQRI5wPN/9Y5/hFH
Behavioral task
behavioral1
Sample
myfairpoint,invoice,09.26.docm
Resource
win7-20220812-en
Malware Config
Extracted
icedid
742081363
scainznorka.com
Targets
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-