General
-
Target
66bc45d3721827cf38ce330d9128d4a1bb83961c8057443ef128894d55b77a42
-
Size
33KB
-
Sample
240704-z8b9zasbmc
-
MD5
3dba90b0dce6eb1b942599544b233c19
-
SHA1
f8c114190016a9297606022238bbf37269c8770f
-
SHA256
66bc45d3721827cf38ce330d9128d4a1bb83961c8057443ef128894d55b77a42
-
SHA512
72f48037d9703fa4eec67ebff66bb4a5b7e133443246337e307693c3d263c053249fe9b0bb419c7464753f3e69448b5047a91d4c5205a4c668d3ac32086efd92
-
SSDEEP
768:6tvo2Jtk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJofOOtOj3:6Pk3hbdlylKsgqopeJBWhZFGkE+cL2N0
Behavioral task
behavioral1
Sample
66bc45d3721827cf38ce330d9128d4a1bb83961c8057443ef128894d55b77a42.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
66bc45d3721827cf38ce330d9128d4a1bb83961c8057443ef128894d55b77a42.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
66bc45d3721827cf38ce330d9128d4a1bb83961c8057443ef128894d55b77a42
-
Size
33KB
-
MD5
3dba90b0dce6eb1b942599544b233c19
-
SHA1
f8c114190016a9297606022238bbf37269c8770f
-
SHA256
66bc45d3721827cf38ce330d9128d4a1bb83961c8057443ef128894d55b77a42
-
SHA512
72f48037d9703fa4eec67ebff66bb4a5b7e133443246337e307693c3d263c053249fe9b0bb419c7464753f3e69448b5047a91d4c5205a4c668d3ac32086efd92
-
SSDEEP
768:6tvo2Jtk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJofOOtOj3:6Pk3hbdlylKsgqopeJBWhZFGkE+cL2N0
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-