General
-
Target
Complaint-922836043-02182021.xls
-
Size
142KB
-
Sample
230126-awr28abd65
-
MD5
1596dc98f96feae955a680a87024dd2d
-
SHA1
c61de22e6d9ff5555016b8259ed0d0421893ca10
-
SHA256
10d3ebe25e0249c65fe82295865e2730021876ed8d3bccc3e88242e452d4c2cb
-
SHA512
d7d1ad7110b8c42922ae8e37c042230422a41cded1b90ff38d3f965fac3bd51b89b9cafcf8f04ab0228c9fac3290969496224bc176a44f23c9d0ef30e53867cc
-
SSDEEP
3072:GcPiTQAVW/89BQnmlcGvgZ6Gr3J8YUOMRt/BI/s/C/i/R/7/3/UQ/OhP/2/a/1/V:GcPiTQAVW/89BQnmlcGvgZ7r3J8YUOMU
Behavioral task
behavioral1
Sample
Complaint-922836043-02182021.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Complaint-922836043-02182021.xls
Resource
win10v2004-20220901-en
Malware Config
Extracted
Targets
Target
Complaint-922836043-02182021.xls
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-