General
-
Target
6da0aff212ee22098d43d27ef6af27a3b60f63efa520e5ddbb71a4902fcd8673
-
Size
44KB
-
Sample
240704-2anw8asepn
-
MD5
27c3495d139babd4e95c88c3bd092d6a
-
SHA1
c77f5ac04a38556b8c07e2a6eeffc589061c77dc
-
SHA256
6da0aff212ee22098d43d27ef6af27a3b60f63efa520e5ddbb71a4902fcd8673
-
SHA512
554ce51c18068737b589259b60e6be3142aeaa0f2d4b7f323d769314f61f4749f022d086b14bf63c4a913a9f89d105be6237034941f223f1190bc47805dbc535
-
SSDEEP
768:JtvoeyUk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJExWlsFHmQQccAJ9acGg9acyL:xTk3hbdlylKsgqopeJBWhZFGkE+cL2NM
Behavioral task
behavioral1
Sample
6da0aff212ee22098d43d27ef6af27a3b60f63efa520e5ddbb71a4902fcd8673.xls
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
6da0aff212ee22098d43d27ef6af27a3b60f63efa520e5ddbb71a4902fcd8673.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
6da0aff212ee22098d43d27ef6af27a3b60f63efa520e5ddbb71a4902fcd8673
-
Size
44KB
-
MD5
27c3495d139babd4e95c88c3bd092d6a
-
SHA1
c77f5ac04a38556b8c07e2a6eeffc589061c77dc
-
SHA256
6da0aff212ee22098d43d27ef6af27a3b60f63efa520e5ddbb71a4902fcd8673
-
SHA512
554ce51c18068737b589259b60e6be3142aeaa0f2d4b7f323d769314f61f4749f022d086b14bf63c4a913a9f89d105be6237034941f223f1190bc47805dbc535
-
SSDEEP
768:JtvoeyUk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJExWlsFHmQQccAJ9acGg9acyL:xTk3hbdlylKsgqopeJBWhZFGkE+cL2NM
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-