General
-
Target
c247b470004cd44022740af1161b32d2410a467c9ef5b449611e3e72b4ba1f4b
-
Size
44KB
-
Sample
240704-12am8s1hrm
-
MD5
f71cd4e5b5e13420751c19a94c23e2ed
-
SHA1
b233245f5d96ea22c5d353296439cf5544411827
-
SHA256
c247b470004cd44022740af1161b32d2410a467c9ef5b449611e3e72b4ba1f4b
-
SHA512
4647ecb57452481c0151a39c44a088a5ce1f9ce594ff7c94477d3074a4b973de147972c2c3fb2d6c3ffb84c083267bbb5bff440ed0fe530cf32ec841efe52d25
-
SSDEEP
768:0tvoIsfl8kkhzOjugt643rUdc1um4GKt+cLnLnZnAbu48uT7WtuF6mQQTgDJ9ack:hl8kkhzOjugt643rGc1um4GKt+cLnLnk
Behavioral task
behavioral1
Sample
c247b470004cd44022740af1161b32d2410a467c9ef5b449611e3e72b4ba1f4b.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c247b470004cd44022740af1161b32d2410a467c9ef5b449611e3e72b4ba1f4b.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
c247b470004cd44022740af1161b32d2410a467c9ef5b449611e3e72b4ba1f4b
-
Size
44KB
-
MD5
f71cd4e5b5e13420751c19a94c23e2ed
-
SHA1
b233245f5d96ea22c5d353296439cf5544411827
-
SHA256
c247b470004cd44022740af1161b32d2410a467c9ef5b449611e3e72b4ba1f4b
-
SHA512
4647ecb57452481c0151a39c44a088a5ce1f9ce594ff7c94477d3074a4b973de147972c2c3fb2d6c3ffb84c083267bbb5bff440ed0fe530cf32ec841efe52d25
-
SSDEEP
768:0tvoIsfl8kkhzOjugt643rUdc1um4GKt+cLnLnZnAbu48uT7WtuF6mQQTgDJ9ack:hl8kkhzOjugt643rGc1um4GKt+cLnLnk
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-