General
Target: ee6666aa9e5387583b1acb4e3684dfcb10c67d2fa6738b7ba07864b79976f2ed.xls
Size: 1.1MB
Sample: 241113-dkbsmswarr
MD5: 01c16c040fe7d4ea91adf63333f925f8
SHA1: 265e06375fb597735faca5f7345cf7e67619f728
SHA256: ee6666aa9e5387583b1acb4e3684dfcb10c67d2fa6738b7ba07864b79976f2ed
SHA512: e68f8fae49c6f8808f2821c0c0a3f2948227bf2ef3bcea6b5c91eec4543bb587063441d96c1fe31f1b1516a5a738d882b3e6904f81e06b26c2399e7b02dcc84e
SSDEEP: 24576:gq9PLiijE2Z5Z2am8F9sPxQtF84LJQodsshoe2gVm:gEPLiij7Z5ZK8F9vFjLJQodK
Static task: static1
Behavioral task: behavioral1
Sample: ee6666aa9e5387583b1acb4e3684dfcb10c67d2fa6738b7ba07864b79976f2ed.xls
Resource: win7-20241023-en
Behavioral task: behavioral2
Sample: ee6666aa9e5387583b1acb4e3684dfcb10c67d2fa6738b7ba07864b79976f2ed.xls
Resource: win10v2004-20241007-en
Malware Config
Extracted
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
Targets
Target: ee6666aa9e5387583b1acb4e3684dfcb10c67d2fa6738b7ba07864b79976f2ed.xls
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Evasion via Device Credential Deployment
Drops file in System32 directory