General
-
Target
TRUE_doc.xls
-
Size
38KB
-
Sample
221203-bjgw6abh34
-
MD5
6b77a4c21a8ef90057c12cd41aa8fa51
-
SHA1
82d0a47baa5e7a44a28315739a4a517a56ca3942
-
SHA256
c19c1e39b5f614db3380b72dfb98fbe25ef4ed77bf3ac52055a1239a31a42519
-
SHA512
6c42cb9f7be0df0dc45c2fcb6a335696c7bb05f03a8521c155b50bf32421256155e98df1832d7b26959ab2c3fac2085405d2d06d43fd79d777e527029299c974
-
SSDEEP
768:glknKpbdrHYrMue8q7QPX+5xtekEd/68/dgALAoW8NFdU5PX+SSL0LHVfDM:gluKpbdrHYrMue8q7QPX+5xtekEdi8/V
Behavioral task
behavioral1
Sample
TRUE_doc.xls
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
TRUE_doc.xls
Resource
win10v2004-20220901-en
Malware Config
Extracted
http://78.85.17.88:8912/rev.ps1
Targets
-
-
Target
TRUE_doc.xls
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-