General
-
Target
158644533c0c9683e8c8da4cfafd48eb05164ae25bb0e5f433ed23aec8a7464e.xlsx
-
Size
430KB
-
Sample
240708-bdvwtsxcka
-
MD5
996967065e5478555d9c4bf0838f6fd0
-
SHA1
8c07156945c2c55d61df66ff9ee0f2d6c598a6a4
-
SHA256
158644533c0c9683e8c8da4cfafd48eb05164ae25bb0e5f433ed23aec8a7464e
-
SHA512
39c11818eae917356cd178476c2b55c67ca209246e11f0115999ae50e5f7fc6adc1d375ff974ef8020ccb25a1ad474a094f20625db4f741c902fdcf182e1e18e
-
SSDEEP
12288:U6NCL1OGQpozwjTqCfgn+/doG59yeXWWeIgpWpKhNSB:U6NC5rFWWCfgnkdoG59ye5cIOS
Static task
static1
Behavioral task
behavioral1
Sample
158644533c0c9683e8c8da4cfafd48eb05164ae25bb0e5f433ed23aec8a7464e.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
158644533c0c9683e8c8da4cfafd48eb05164ae25bb0e5f433ed23aec8a7464e.xls
Resource
win10v2004-20240704-en
Malware Config
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-