General
-
Target
georgegarnier.invoice.12.23.docm
-
Size
1.3MB
-
Sample
221224-wlwhjsad32
-
MD5
0d30c944f3a25dd5a3d3300dce762a4c
-
SHA1
039278d36e0e2e0e37287bcba10ab0ce194ebe74
-
SHA256
b6748e63c66c4dadff044129ac5224722b527969c4afa8572a35b29b0a28d15e
-
SHA512
3d007dc0cbec5d2947248abf5b07c00b4a6be7687ade14dd1f4adcf4151e46f2f8099f598dca11cb160a7229e4264ca975dd3375ad6f016f157dc85801575a17
-
SSDEEP
24576:/xpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRD8G7EzqHm+Bmcq:/xpJmgf3zliFpp/KqG+K
Behavioral task
behavioral1
Sample
georgegarnier.invoice.12.23.docm
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
georgegarnier.invoice.12.23.docm
Resource
win10v2004-20221111-en
Malware Config
Extracted
icedid
1212497363
trbiriumpa.com
Targets
-
Target
georgegarnier.invoice.12.23.docm
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-