General
Target
d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499.xls
Size
91KB
Sample
221110-ljszjaaegm
MD5
af0d4e7833a0d70113150362a5271209
SHA1
6fda75dd73fd356dc922fdffa9299f164c124067
SHA256
d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499
SHA512
d60dd9a683c45899258e68aa1cf853e2fcc3419b782270fc13f24a9ec578787b4ec7f46544884848d341224b34dbef58925ec78126736ce9c10a198e9dfc0211
SSDEEP
1536:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgGbCXuZH4gb4CEn9J4Z/is9o2:wKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgm
Behavioral task
behavioral1
Sample
d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499.xls
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499.xls
Resource
win10-20220812-en
Malware Config
Extracted
https://bosny.com/aspnet_client/R50QIOGjmvVlr/
http://navylin.com/autopoisonous/4fZQW/
http://asrani.garudaputih.com/nutabalong/bJYqoUIr99qNfoPDx/
http://db.rikaz.tech/lCx76IlkrBtEsqNFA7/zPYJzpOnzstNOiRHob/
Targets
Target
d4d455a7b6fdeabc0eba83a4bd9a7a062c1f0c7e5714a3b18c02203afaddd499.xls
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.