General
-
Target
iw.doc.12.23.2022.docm
-
Size
1.3MB
-
Sample
221224-wlyb5sde71
-
MD5
d3179af6d42296fd9199a9bf69e0ee7b
-
SHA1
55827e92fb051250f68642a94b6e1e24171ee6f0
-
SHA256
b0bbb2f2fbfa2750a8ae8a14d3fecf5cbb8e295707bbf77af2f38765c3785060
-
SHA512
c018b0998f930a56729bf7b1fb7f4095330d89a553d442437bbd824186e7a9f081cc12b8e9e90b7164c3f0ee1a8efba4f41e31a027ae54f4b882c1ed3a3a7add
-
SSDEEP
24576:/gs5pJmLOgHWi8bj11H2w5inpF7sONo/qiy7L9pvRD6G7EzqHm+Bmcb:/NpJmgf3zliFpp5KqG+7
Behavioral task
behavioral1
Sample
iw.doc.12.23.2022.docm
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
iw.doc.12.23.2022.docm
Resource
win10v2004-20220812-en
Malware Config
Extracted
icedid
1212497363
trbiriumpa.com
Targets
Target
iw.doc.12.23.2022.docm
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-