General
-
Target
Sixt_receipt_81642755.doc
-
Size
43KB
-
Sample
221125-hxneesdd9z
-
MD5
4af54c2a93186c9c296811f06dad2e68
-
SHA1
d9bb7523d1df1679665af1779544e7c799d28ab2
-
SHA256
49e78fedd58dc44feda7a6b02d833011e51a2a7633fa673fe80ef4b0ad483e7e
-
SHA512
5f29945ca8b97f5a89859f67b2faae8b103462bc31287780213337d0566d69fb7804dc29aca39cc8752f1ad0d2ecd4a09e163e33b6240d85a31c367d79fe1c08
-
SSDEEP
384:Y1RKuNFkrWmLTY0jNk4UsyZ0jUe61tAZU5ygpIA:aBk3TYOUfVe61tAZU5rpIA
Behavioral task
behavioral1
Sample
Sixt_receipt_81642755.doc
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
Sixt_receipt_81642755.doc
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
Sixt_receipt_81642755.doc
-
Size
43KB
-
MD5
4af54c2a93186c9c296811f06dad2e68
-
SHA1
d9bb7523d1df1679665af1779544e7c799d28ab2
-
SHA256
49e78fedd58dc44feda7a6b02d833011e51a2a7633fa673fe80ef4b0ad483e7e
-
SHA512
5f29945ca8b97f5a89859f67b2faae8b103462bc31287780213337d0566d69fb7804dc29aca39cc8752f1ad0d2ecd4a09e163e33b6240d85a31c367d79fe1c08
-
SSDEEP
384:Y1RKuNFkrWmLTY0jNk4UsyZ0jUe61tAZU5ygpIA:aBk3TYOUfVe61tAZU5rpIA
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-