General
-
Target
6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e
-
Size
34KB
-
Sample
240721-1fsa6awbmg
-
MD5
a117e4f5bfe2ba75ff6b78e93c6df153
-
SHA1
196d0942134dd60244730f28872e0d7b774cb9f4
-
SHA256
6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e
-
SHA512
1b41d658462cf7ecc7c6018065871243b006cfb85e633a223b4d1125cf21879056fe3cebc0663251a213c30e7591f04286e6c3dd3f06183e44edaa7a1b459c38
-
SSDEEP
768:cveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:wSP+SKabAk0BuqCXlg+/fs5cClfZw2gQ
Behavioral task
behavioral1
Sample
6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e.xls
Resource
win10v2004-20240709-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e
-
Size
34KB
-
MD5
a117e4f5bfe2ba75ff6b78e93c6df153
-
SHA1
196d0942134dd60244730f28872e0d7b774cb9f4
-
SHA256
6e0b8bd58689289deac8e6adc2810d9137b2d479ee59b9747480ec82c5b8ab4e
-
SHA512
1b41d658462cf7ecc7c6018065871243b006cfb85e633a223b4d1125cf21879056fe3cebc0663251a213c30e7591f04286e6c3dd3f06183e44edaa7a1b459c38
-
SSDEEP
768:cveWFwP+SKabAk0BuqCXlg+/fs5cClfZw2gmVXqA4LQYgO1mQQpSFeVAmcil:wSP+SKabAk0BuqCXlg+/fs5cClfZw2gQ
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-