General

Target: PRODUCT SPECIFICATION.xla
Size: 114KB
Sample: 230328-mz8wcsae69
MD5: 180686c189d327aea9f97f1ca9014928
SHA1: 04dbcf680886992dd8b3fe3ba42c44a0e8f75dba
SHA256: f0075bb5c58f1bbdeb3b0c0f92798da492f96415a60b3c36c55c1129b514eee7
SHA512: 08acf11753ac6f5513705d121cd8dd48c3676159d06832264c243fe50b23832dbd8285bc627551431929afa94edb164a231ec5a99aff208bed13318d4e78af93
SSDEEP: 3072:wewk3hOdsylKlgxopeiBNhZFGzE+cL2kdAVVmwAnNUHuEGZT5BBmglG:wewk3hOdsylKlgxopeiBNhZF+E+W2kdQ

Behavioral task: behavioral1
Sample: PRODUCT SPECIFICATION.xls
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: PRODUCT SPECIFICATION.xls
Resource: win10v2004-20230220-en

Malware Config
Targets
Target: PRODUCT SPECIFICATION.xla
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2