General

Target: PURCHASEORDER.xls
Size: 1.5MB
Sample: 230324-hcxscscf84
MD5: 7128d7e3632afbc109085c91fd0404c1
SHA1: 4b16b615630468c252d3f642995a4d5d9c252e6b
SHA256: 33497120ede69ba4d6c9c7bb4533ec7ece887acfa9ed2d617a215ff81126b46e
SHA512: 5eccb89ed4479f7040ddf1582bbdb569c0f571337892e34fb0ff3151dee663f255e252f9886288b7ee31366df70d52f5a6c9f9163cda7db3fff1a2a4e275446a
SSDEEP: 24576:X2Tbq8KPsUGRoG1t6EWOEMhpaMNzl8raUtGCn113y4RzuCr2izm/EcUAbFNLGeuX:mv5K/G3v6EWxNMNzlMRtGCn113y4RaCw

Behavioral task: behavioral1
Sample: PURCHASEORDER.xls
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: PURCHASEORDER.xls
Resource: win10v2004-20230220-en

Malware Config
Targets
Target: PURCHASEORDER.xls
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE