General
-
Target
10027860264845636552.xls
-
Size
90KB
-
Sample
230217-wk3kgagb8y
-
MD5
0e106000b2ef3603477cb460f2fc1751
-
SHA1
7c0bd61a7069cc04d4a0ab02b96d9c4003be0f6d
-
SHA256
178ceab4ea6816fb9d09c729b2a0d6a06bb786452d4178d49bd0a0dee3f98359
-
SHA512
76341e8cbc57b18645ab1eca456c59e61b64b707be6e04a25f7f0341369878ca70b0f973d05c939b0b5f4cea66c02f2e90e93498961ca370ac5d0158a169960d
-
SSDEEP
1536:u8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAE6yHBEL70drpFk0GX/s2C6ORQYDBhQ:ugk3hbdlylKsgqopeJBWhZFGkE+cL2N8
Behavioral task
behavioral1
Sample
10027860264845636552.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
10027860264845636552.xls
Resource
win10v2004-20220812-en
Malware Config
Extracted
http://91.240.118.172/cc/vv/fe.html
Targets
-
-
Target
10027860264845636552.xls
-
Size
90KB
-
MD5
0e106000b2ef3603477cb460f2fc1751
-
SHA1
7c0bd61a7069cc04d4a0ab02b96d9c4003be0f6d
-
SHA256
178ceab4ea6816fb9d09c729b2a0d6a06bb786452d4178d49bd0a0dee3f98359
-
SHA512
76341e8cbc57b18645ab1eca456c59e61b64b707be6e04a25f7f0341369878ca70b0f973d05c939b0b5f4cea66c02f2e90e93498961ca370ac5d0158a169960d
-
SSDEEP
1536:u8rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAE6yHBEL70drpFk0GX/s2C6ORQYDBhQ:ugk3hbdlylKsgqopeJBWhZFGkE+cL2N8
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-