General
-
Target
tr_0.xls
-
Size
90KB
-
Sample
230913-p87qrsee82
-
MD5
08f03e9133419730830daa1d5c05f2ea
-
SHA1
0fbe4abe79048fb25f00e11c3f53b9729ea2019b
-
SHA256
ee2dc4300f18802a18616e9e5434b2a0d438c819d2229d3724fa266ae881dbf7
-
SHA512
d272fc170333bca041dba873120303694f99bd6f89e32b73597ad8cb6da63e54b45e1f15c34ca8494369d091693c456076374f3fb58c66ce08d1f5140e2745c1
-
SSDEEP
1536:0Yyk3hbdlylKsgqopeJBWhZFGkE+cL2NdAU8enuoLf04Gq4nV/hS5vfiyrA4H9OP:0Xk3hbdlylKsgqopeJBWhZFGkE+cL2N4
Behavioral task
behavioral1
Sample
tr_0.xls
Resource
win10v2004-20230831-en
Malware Config
Extracted
http://mac-rail.com/434.dll
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-