General
Target: SecuriteInfo.com.XF.AShadow.1000.5196.20073.xlsx
Size: 36KB
Sample: 230330-3kfh9shb8x
MD5: e54f72b1de3e97efe28c97470d3b00f3
SHA1: 1eeed3b2fd10ff8f2b61237d23648e086fca677d
SHA256: b916ee9ac5a31baa984fa1f21caa27f09e4441862a49de9173c5ee69866794c1
SHA512: 95a2359880fa090d93031cfe86788713007294ff01e996c3c03c7bf4e824b355f7a1056a1a4d3b3f51e5b0e40ec170439d99ea8b9cc216ba9fa862aee28209db
SSDEEP: 768:2PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+Q+5hrCaI58tfC9HY:Kok3hbdlylKsgqopeJBWhZFGkE+cL2ND
Behavioral task: behavioral1
Sample: SecuriteInfo.com.XF.AShadow.1000.5196.20073.xls
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: SecuriteInfo.com.XF.AShadow.1000.5196.20073.xls
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://statedauto.com/wp-data.php
https://markens.online/wp-data.php
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request