General
-
Target
orionpitbikesales.document.11.11.2022.doc
-
Size
1.3MB
-
Sample
221111-g92l5sbggq
-
MD5
aeb1778d4b96e3070355d39f2b08a46a
-
SHA1
4e1541914e151c4edc44b911d05350cf97b126af
-
SHA256
964d08c30e93f4f9783728ce6f35da2caf3dcacabc85bf39ab54e8e3f9083c53
-
SHA512
841a001c932802e35594e29411b1542197d572b7a617c93f4b6c2592d24ccb4ea75a2eb58d0c598effca4322df123f3acd9f867ce234db4a3a0cdacfbad3e0d0
-
SSDEEP
24576:1SM3HJByN63keT98TBa3qr6lzSAOCj3WxFVrCM84vAaD6cUru:PX7YGkeTWTBSqulzSA9erCMPYrru
Behavioral task
behavioral1
Sample
orionpitbikesales.document.11.11.2022.docm
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
orionpitbikesales.document.11.11.2022.docm
Resource
win10v2004-20220812-en
Malware Config
Extracted
icedid
1292139634
oiurkastarting.com
Targets
Target
orionpitbikesales.document.11.11.2022.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-