General

Target: New Order PI-#19-09897981.xls
Size: 1.1MB
Sample: 241113-h6nfsaxdrb
MD5: f2711debc76d6e8fd87952e3b123f796
SHA1: 4ae156b52e4f0094161d1fbf4a2b86548b05b0b3
SHA256: 42b26807f1ba9bcb0be08ea66d955fd3bfd3e94336541b81d54ecfe8f28f2877
SHA512: 0e73aea7a5c23177dad88797d58004fd52d972f3bd0c01e6f7577edf13bf9988bdebf1a4026b59aea85353098628f0d3dfb713cfea66afde42143d4af26b6c20
SSDEEP: 24576:tq9PLiijE2Z5Z2am8tQnNF84LJQodsaGmQVfX:tEPLiij7Z5ZK8tYFjLJQodgmQp

Static task: static1

Behavioral task: behavioral1
Sample: New Order PI-#19-09897981.xls
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: New Order PI-#19-09897981.xls
Resource: win10v2004-20241007-en

Malware Config
Targets
Target
New Order PI-#19-09897981.xls
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Downloads MZ/PE file

Evasion via Device Credential Deployment

Executes dropped EXE

Loads dropped DLL

AutoIT Executable
AutoIT scripts compiled to PE executables.

Drops file in System32 directory

Suspicious use of SetThreadContext