General
Target: b2bc6b1db6a26485c9398e1453cb67a3
Size: 36KB
Sample: 240304-wd3a5ahf79
MD5: b2bc6b1db6a26485c9398e1453cb67a3
SHA1: 64359e55cd7e7a3ff7bb7c5d71833110b4bf337a
SHA256: c3e9f8f223035b649ec8f0f3d8bf8dfc3300dff6306a97e3dfd2cc3cf0fafd1e
SHA512: bf5af88f1f400e65b0a1a97bd28b855ca63c7e04bd3509c6937c91898a8d02455024b968abef55714d0061c98ab21ef40897cee931f4aef6559fe91010427988
SSDEEP: 768:0PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJokhbs9RcFvbyiY:wok3hbdlylKsgqopeJBWhZFGkE+cL2Np
Behavioral task: behavioral1
Sample: b2bc6b1db6a26485c9398e1453cb67a3.xls
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: b2bc6b1db6a26485c9398e1453cb67a3.xls
Resource: win10v2004-20240226-en
Malware Config
Extracted
https://statedauto.com/wp-data.php
https://markens.online/wp-data.php
Targets
Target: b2bc6b1db6a26485c9398e1453cb67a3
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request