General
-
Target
leatha,doc,12.23.2022.docm
-
Size
1.3MB
-
Sample
221224-wlx2dade7z
-
MD5
cbfd95f59689ad3f3ac862d25492e6e6
-
SHA1
b1417d5860d7179f15d1545cc79f5bae9a8d8997
-
SHA256
88917fe31db801e9c3d13b93487bbf089bfb90b5e72465b33b042bca8360f073
-
SHA512
33d58ee41f5c1506aabcbee882b00892dd06f9109d02a2965000f4767a29111b77807ae4104d552e0371c660a31c2c5c491437ba4514f76074671394e5938123
-
SSDEEP
24576:/FkpJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRDVG7EzqHm+Bmcc:/FkpJmgf3zliFpp+KqG+8
Behavioral task
behavioral1
Sample
leatha,doc,12.23.2022.docm
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
leatha,doc,12.23.2022.docm
Resource
win10v2004-20220812-en
Malware Config
Extracted
icedid
1212497363
trbiriumpa.com
Targets
Target
leatha,doc,12.23.2022.docm
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-