General
-
Target
herts.uk.document.12.23.2022.docm
-
Size
1.3MB
-
Sample
221224-wlx2daad36
-
MD5
8c8f206c903ee4b4561592a473d7a13e
-
SHA1
f6522e0d59c81c19076ca634eb892c4aca33d992
-
SHA256
a074a4b714a0db7d33a60eef8796605efcb2b41c109370231dc8b972bb6c45fe
-
SHA512
f340da930c0f923480ee832a0c060fb499095a4a0e39620e11846cdf7fd953772190779393b763a1a48fa8187815bd5d19885151e60e05cc7948fe277583feb3
-
SSDEEP
24576:/qpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDYG7EzqHm+Bmcn:/qpJmgf3zliFppTKqG+H
Behavioral task
behavioral1
Sample
herts.uk.document.12.23.2022.docm
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
herts.uk.document.12.23.2022.docm
Resource
win10v2004-20221111-en
Malware Config
Extracted
icedid
1212497363
Extracted
icedid
1212497363
trbiriumpa.com
Targets
-
Target
herts.uk.document.12.23.2022.docm
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-