General
Target: belge.xls
Size: 1.3MB
Sample: 230815-pjcjbsce9y
MD5: a1d5340d98145a8761b8f6e08025c918
SHA1: 9e68e8f9d0946afd057cdef7cc4ed487186e8ddd
SHA256: 139cfcae4ad335b722ffd0a27324b5e55bfed2ab303b1ae1ca697a3f936cb886
SHA512: df55975ade3524b06823392eaceba7b16413a28387439470dcc417fc99bcf6eca20a743424a666675b48204332c60e46e6a8a9d0a1f2651de11592c2306e3cbf
SSDEEP: 24576:HaZy0w6VgjKaWlEzp7a9Zyaw6VpjKaWlEzp7a8zdbiMb7QA5Qp5E/kwnx:HE86VgjKjOzMy6VpjKjOzJdd7/5X/kE
Static task
static1
Behavioral task
behavioral1
Sample
belge.xls
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
belge.xls
Resource
win10v2004-20230703-en
Malware Config
Targets
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext