General
-
Target
http://bCUyMnh0JTdDJTdDdEswMSUzRnElN0R2JTdGZ34lN0YlN0Z3cHElN0RnJTdEJTdCJUMyJThBenJjMHVsand3eHh1JUMyJTg1JUMyJTg5JTdCYyU3RjAlN0Z4b3QlQzIlODh1JUMyJThCcyU3QyVDMiU4OCUzQSUzRmdldHB1dCU3QyVDMiU4OXElN0J4ZnVlYnAlN0Q2JTdEJTdGJTdEen5oJTNFJTQwcFElN0YlN0JXR3NUX2lXLTMlMjEvemZyY3drJTIzJTNEJTIxbS1sJTdEcXAlQzIlODklM0Z1a3NmJTNFcHJ0dnpzJTIzJTNDJTIwJTIya3AlN0RwJUMyJTg4JTNGJTdCfnEyJTdGY3YlN0Jxb3V6cH4tMyUyMS9iJTdDJTdDcSVDMiU4MTN+cGVjc3olMjMxJTIxJTIyYyU3Q3QlN0QlQzIlODglM0V0ZSU3RHRxeXQlMjIlM0MlMjAlMkFvJTdEJTdEcCVDMiU4OTAlN0ZwJTdEdnB1JTNGJTdDJTdEJTNFZnRlbCU3RmYydGN+ZGolN0QlQzIlODklMjMlM0QlMjAtbCU3RHFwJUMyJTg5JTNGZnl+fnQlMjNvMy8lQzIlOEMvcXF1JTdCJTdDd3AlN0YlMjNKLy1ndiVDMiU4OWdkJTIyNCUyQyUyM3VwcC1FJTIxLzElMjIlM0MlMjAlMkFwZmd1JTIyRS8lMjMlM0QlMjMlM0MlMjAlMjJqJTdEdXVwJTdGLUUlMjEvMSUyMiUzQyUyMCUyQX56eHl0LUUlMjEvMSUyMiUzQyUyMCUyQSVDMiU4NXpldXgtRSUyMS8yMDAlMjclMkEwJTIxJTIzeWd0dnl5JTIzSiUyMCUyMiUzQiUzQzElMjYlMjMlM0MvLWMlN0NzZGdyJTJBRiUyMSUyMzElMjIzLyUyM3JicnklN0J2LkslMjElMjMwLTMlMjEvcWNkZHNyeCUyM0slMjAtJTNGJTIzMSUyMSUyMnF2b35nJTdEcCVDMiU4OS1FJTIxL3klN0JkZG9yJTIzJTNEJTIxJTIyJUMyJTg1VCU3RmlmJUMyJTg4JTIySiUyOC5KSkpLREQlMjMlQzIlODIlM0QlMjAlMjJ3JTdEa3MlN0ZiJTdGaC1uODMwMzIxMjAxOTg5OTkxNTg=
-
Sample
240620-j5wanssajp
Malware Config
Targets
-
-
Target
http://bCUyMnh0JTdDJTdDdEswMSUzRnElN0R2JTdGZ34lN0YlN0Z3cHElN0RnJTdEJTdCJUMyJThBenJjMHVsand3eHh1JUMyJTg1JUMyJTg5JTdCYyU3RjAlN0Z4b3QlQzIlODh1JUMyJThCcyU3QyVDMiU4OCUzQSUzRmdldHB1dCU3QyVDMiU4OXElN0J4ZnVlYnAlN0Q2JTdEJTdGJTdEen5oJTNFJTQwcFElN0YlN0JXR3NUX2lXLTMlMjEvemZyY3drJTIzJTNEJTIxbS1sJTdEcXAlQzIlODklM0Z1a3NmJTNFcHJ0dnpzJTIzJTNDJTIwJTIya3AlN0RwJUMyJTg4JTNGJTdCfnEyJTdGY3YlN0Jxb3V6cH4tMyUyMS9iJTdDJTdDcSVDMiU4MTN+cGVjc3olMjMxJTIxJTIyYyU3Q3QlN0QlQzIlODglM0V0ZSU3RHRxeXQlMjIlM0MlMjAlMkFvJTdEJTdEcCVDMiU4OTAlN0ZwJTdEdnB1JTNGJTdDJTdEJTNFZnRlbCU3RmYydGN+ZGolN0QlQzIlODklMjMlM0QlMjAtbCU3RHFwJUMyJTg5JTNGZnl+fnQlMjNvMy8lQzIlOEMvcXF1JTdCJTdDd3AlN0YlMjNKLy1ndiVDMiU4OWdkJTIyNCUyQyUyM3VwcC1FJTIxLzElMjIlM0MlMjAlMkFwZmd1JTIyRS8lMjMlM0QlMjMlM0MlMjAlMjJqJTdEdXVwJTdGLUUlMjEvMSUyMiUzQyUyMCUyQX56eHl0LUUlMjEvMSUyMiUzQyUyMCUyQSVDMiU4NXpldXgtRSUyMS8yMDAlMjclMkEwJTIxJTIzeWd0dnl5JTIzSiUyMCUyMiUzQiUzQzElMjYlMjMlM0MvLWMlN0NzZGdyJTJBRiUyMSUyMzElMjIzLyUyM3JicnklN0J2LkslMjElMjMwLTMlMjEvcWNkZHNyeCUyM0slMjAtJTNGJTIzMSUyMSUyMnF2b35nJTdEcCVDMiU4OS1FJTIxL3klN0JkZG9yJTIzJTNEJTIxJTIyJUMyJTg1VCU3RmlmJUMyJTg4JTIySiUyOC5KSkpLREQlMjMlQzIlODIlM0QlMjAlMjJ3JTdEa3MlN0ZiJTdGaC1uODMwMzIxMjAxOTg5OTkxNTg=
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-