General
-
Target
45742ee9873e5de1887d11e546d849e75f3b7f653e9374e77f43a761f7411afd
-
Size
33KB
-
Sample
240704-19j7msvcpc
-
MD5
71d5805de3c046d38e33dbf9c5777cfa
-
SHA1
b5d53e66c578ac51891fd7a27cf7bc1e60ffeaaf
-
SHA256
45742ee9873e5de1887d11e546d849e75f3b7f653e9374e77f43a761f7411afd
-
SHA512
5d0397a63792e7d2ea50e4d49925fcb7060ded438b0d8d344f78a29ff58a882e716f7de8b79804fe1cde56991734784aaa696a9e8248d16ae61b7c6716cb74ec
-
SSDEEP
768:Ztvo2Jtk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJof+suOd93:RPk3hbdlylKsgqopeJBWhZFGkE+cL2NZ
Behavioral task
behavioral1
Sample
45742ee9873e5de1887d11e546d849e75f3b7f653e9374e77f43a761f7411afd.xls
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
45742ee9873e5de1887d11e546d849e75f3b7f653e9374e77f43a761f7411afd.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
Target
45742ee9873e5de1887d11e546d849e75f3b7f653e9374e77f43a761f7411afd
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-