General
-
Target
CI.xls
-
Size
1.1MB
-
Sample
241113-h6nrjszrgj
-
MD5
72d8e169ad35b47ec2c78eca9daf6887
-
SHA1
4457b65f714f803cbf1206530b4795aa944a75c8
-
SHA256
62ebacf04ae91df07d6acb4b8deb8960ec8c42c2accf6323ecadee31d95151d1
-
SHA512
7d22b976e78136053965b251ca864afa1366d8322fcf544330549f956025f4aa11985dd2a8577c8365af4a2d77aaeb9c5fcd5dede5d53547e6bd88b57f4dbfce
-
SSDEEP
24576:nq9PLiijE2Z5Z2am8x/gY/tMJE8F84LJQodszysshMx6YIVf9QCIr+:nEPLiij7Z5ZK8Fg8tMpFjLJQodXsehYo
Static task
static1
Behavioral task
behavioral1
Sample
CI.xls
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
CI.xls
Resource
win10v2004-20241007-en
Malware Config
Extracted
https://1017.filemail.com/api/file/get?filekey=2Aa_bWo9Reu45t7BU1kVgsd9pT9pgSSlvStGrnTICfFhmTKj3LC6SQtIcOc_T35w&pk_vid=fd4f614bb209c62c1730945176a0904f
Targets
Target
CI.xls
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Evasion via Device Credential Deployment
-
Drops file in System32 directory
-