General
-
Target
indicarecords.document.12.23.2022.docm
-
Size
1.3MB
-
Sample
221224-wlw43sde61
-
MD5
1e01c47850c37ea9baa4828dc210ff7a
-
SHA1
25165a04ef5022fde2816d5bda10ce0796ffc529
-
SHA256
c23b57235f44110edc1e435b5be54bac20ede351e2a390ae0e9aa889a58cf589
-
SHA512
092b35caaefa1176533f939039d4e27deaf0d28fd7b0dedab6463c760b0f479315a62b125ac73ab4ffc3bcbbfdbfa5072a5de637ed6f44a4b33886c337b1c77d
-
SSDEEP
24576:/opJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDBG7EzqHm+Bmcr:/opJmgf3zliFppiKqG+L
Behavioral task
behavioral1
Sample
indicarecords.document.12.23.2022.docm
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
indicarecords.document.12.23.2022.docm
Resource
win10v2004-20220812-en
Malware Config
Extracted
icedid
1212497363
trbiriumpa.com
Targets
Target
indicarecords.document.12.23.2022.docm
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-