General
-
Target
00961b6e32b712b30d0850b0fcfcc109
-
Size
36KB
-
Sample
231219-l8zhlshgh4
-
MD5
00961b6e32b712b30d0850b0fcfcc109
-
SHA1
6d09fc1068a5646f8ca6ae8d27fca14e2e41fdf5
-
SHA256
3a7c9efa418e79020a0bbc9c1a41878857804f4170457b1e9d763c03ea81e593
-
SHA512
ab6d2cff3c91dbb444e181ea72db34008f2e02d017e58f479c8079743c87cab2b743967d45474e9315b197e092f69a24c9e2259774dcbf02ff1ce3f9e5344b2c
-
SSDEEP
768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJchK4EYuEmOMK+0uJ9+EVROUEJ9:kok3hbdlylKsgqopeJBWhZFGkE+cL2N3
Behavioral task
behavioral1
Sample
00961b6e32b712b30d0850b0fcfcc109.xls
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
00961b6e32b712b30d0850b0fcfcc109.xls
Resource
win10v2004-20231215-en
Malware Config
Extracted
https://statedauto.com/wp-data.php
https://markens.online/wp-data.php
Targets
-
-
Target
00961b6e32b712b30d0850b0fcfcc109
-
Size
36KB
-
MD5
00961b6e32b712b30d0850b0fcfcc109
-
SHA1
6d09fc1068a5646f8ca6ae8d27fca14e2e41fdf5
-
SHA256
3a7c9efa418e79020a0bbc9c1a41878857804f4170457b1e9d763c03ea81e593
-
SHA512
ab6d2cff3c91dbb444e181ea72db34008f2e02d017e58f479c8079743c87cab2b743967d45474e9315b197e092f69a24c9e2259774dcbf02ff1ce3f9e5344b2c
-
SSDEEP
768:IPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJchK4EYuEmOMK+0uJ9+EVROUEJ9:kok3hbdlylKsgqopeJBWhZFGkE+cL2N3
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-