General
-
Target
b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
-
Size
96KB
-
Sample
241120-xnv58s1dkc
-
MD5
a870508b049f2ddd9f73b34821c14a73
-
SHA1
f8022c0d140303bb44cc4d55b10b3e682ba897a0
-
SHA256
b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
-
SHA512
e1d4cb293cc3e9b29985a89726d1a3a09d1bc4593b9d8509d729668f1bf96b1a888f6db2321dc3c4d6f8b4eeaebefc74cc51157e7ec564caafb2482f82f480ed
-
SSDEEP
1536:7kKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg4jHuS4hcTO97v7UYdEJm37:IKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgz
Behavioral task
behavioral1
Sample
b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6.xls
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6.xls
Resource
win10v2004-20241007-en
Malware Config
Extracted
http://fisika.mipa.uns.ac.id/reseller/img/nRAvAgoY8Y/
http://greycoconut.com/edm/71qUA/
http://zonainformatica.es/tienda/XCHJmidSYTkE/
http://balletmagazine.ro/wp-content/9VrMPV/
Targets
-
-
Target
b11d30be3dd81cabd66d1548ec3cdcde80acf32dfcb55c17234c0a1ee46a6fb6
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-