General
Target
henning,doc,12.23.2022.docm
Size
1.3MB
Sample
221224-wlwtbade6y
MD5
af24985e30034e84546c6579e42388e5
SHA1
01dfe26012b31dc7d05ad40a14f48572c9476b5c
SHA256
014827baac8a836d570203d3ff88b22957dcedd1cc4eae49e4ac62334f4f4903
SHA512
6f04234605924ce3c9fd9b5692d8624e45ef8ef6b977e65ed25909fc8f621844c1572501a247bbed0ac65c647504c1801d0213a1eaeea007294410a61b3a79a5
SSDEEP
24576:/1pJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRD0G7EzqHm+BmcC:/1pJmgf3zliFppnKqG+i
Behavioral task
behavioral1
Sample
henning,doc,12.23.2022.docm
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
henning,doc,12.23.2022.docm
Resource
win10v2004-20220812-en
Malware Config
Extracted
icedid
1212497363
Extracted
icedid
1212497363
trbiriumpa.com
Targets
Target
henning,doc,12.23.2022.docm
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL