General
Target: Nicht bestätigt 815950.crdownload
Size: 764KB
Sample: 221130-yjs1raab42
MD5: 1f5384be6b1f91ad16c33fcc95dec835
SHA1: 66cba71c519b9316b1260db98dd1755aa7a8a227
SHA256: a77486ba4e88ced4dddba2048df0c7d9db28b337fb7c80c62df5368d7f74776a
SHA512: 5f9272eeb6b0102c4eeccf3a8f004b94b965bc05add56f53b3241ff433b9b9608c057fcc7ebef12dfc73a78d2896c812513034bacb044be801a618ee0d41d326
SSDEEP: 12288:/9ag+4iVE9j2y+1JbeQbntrws6/GYzw6OFokpXfiiGef/DEjgNp3PRNKGh/Kg:/gPV2jUeQRI5wPN/+gNp3PRNKI/Kg
Behavioral task: behavioral1
Sample: Nicht bestätigt 815950.docm
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: Nicht bestätigt 815950.docm
Resource: win10v2004-20220901-en
Malware Config
Extracted
icedid
1313163077
oilcardirtoz.com
Targets
Target: Nicht bestätigt 815950.crdownload
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL