General

Target: d41a70e2ee05975672659527bdb66ea0f32cb50622dfd4a630252cabae4fa938
Size: 44KB
Sample: 240704-1fwctasfkd
MD5: 100bbd0c7b93a12142374ffce4aac777
SHA1: 16718e99e93da40c16dca0dce8e7d24dd013d3b1
SHA256: d41a70e2ee05975672659527bdb66ea0f32cb50622dfd4a630252cabae4fa938
SHA512: 78947d51d7027865b26ff139a8d41c6e088fd942fbb4553d99786f23fe55a81f79d1bd16187767c1698012a8280d9beedd3b3b52de6c33267d453128fea86750
SSDEEP: 768:GtvojzJl8kkhzOjugt643rUdc1um4GKt+cL23dA7148u5xWouF6mQQcEnJ9ac0xy:xl8kkhzOjugt643rGc1um4GKt+cL23dC

Behavioral task: behavioral1
Sample: d41a70e2ee05975672659527bdb66ea0f32cb50622dfd4a630252cabae4fa938.xls
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: d41a70e2ee05975672659527bdb66ea0f32cb50622dfd4a630252cabae4fa938.xls
Resource: win10v2004-20240704-en

Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
Target: d41a70e2ee05975672659527bdb66ea0f32cb50622dfd4a630252cabae4fa938
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely for geofencing.

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory