General
Target: f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6.xls
Size: 235KB
Sample: 230419-md6h4shh58
MD5: 2654fdca7197f542cbd0be823a2a2a9f
SHA1: 149b43a5f8f4d9bd63720b408f6c4e2a86401c6a
SHA256: f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6
SHA512: 1534994b08b95c1a9879afba6a857817146b3aaa06484a65ff89f418b5ca31fa7ffbc2076efdface8f0036f5e3a7f98e95fe0120df3bfe2c2b06ea8e3b96bcaf
SSDEEP: 6144:cKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgq9jWXcZZRBTq1BOzTwvOsPDslAvS32vI7p:09jVzTmszTwvTDy33LvfP1OWr
Behavioral task: behavioral1
Sample: f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6.xls
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6.xls
Resource: win10v2004-20230220-en
Malware Config
Extracted
https://ohemaa.org/HUVm9mDKLW9C/ocrafhh.html
https://madieandme.com.au/xnkpOLnvlN6T/ocrafh.html
https://amerident.com.do/xdOMlaB0XJ7/ocraf.html
Targets
Target: f5a313c5353ae0d1cede7bd5e234bfd3a4d7abb5e877bd2903d8d7572e9ee4d6.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.