General
Target: 3cdc60732562db3eeaa69151c15f981113c4e59209c86d82b9a449454c484a79
Size: 35KB
Sample: 240705-1a114swdqq
MD5: a38298c904ab5f1319f249d2ac05bdb7
SHA1: d638c6ea91e5362784ef7c4ac5a5c0e1f1c0addb
SHA256: 3cdc60732562db3eeaa69151c15f981113c4e59209c86d82b9a449454c484a79
SHA512: fe64dd18a50ceecf914b3542f7606940d51510e52073f56f3986778e34e3b8f7fc034fd3a761d912a2a4e17dc3a4ce47a37c47df4e15face9d9e0e44ba1c0129
SSDEEP: 768:1tvoegUk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ2z2UWOd93:15k3hbdlylKsgqopeJBWhZFGkE+cL2Nf
Behavioral task: behavioral1
Sample: 3cdc60732562db3eeaa69151c15f981113c4e59209c86d82b9a449454c484a79.xls
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 3cdc60732562db3eeaa69151c15f981113c4e59209c86d82b9a449454c484a79.xls
Resource: win10v2004-20240704-en
Malware Config
Extracted: https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
Target: 3cdc60732562db3eeaa69151c15f981113c4e59209c86d82b9a449454c484a79
Size: 35KB
MD5: a38298c904ab5f1319f249d2ac05bdb7
SHA1: d638c6ea91e5362784ef7c4ac5a5c0e1f1c0addb
SHA256: 3cdc60732562db3eeaa69151c15f981113c4e59209c86d82b9a449454c484a79
SHA512: fe64dd18a50ceecf914b3542f7606940d51510e52073f56f3986778e34e3b8f7fc034fd3a761d912a2a4e17dc3a4ce47a37c47df4e15face9d9e0e44ba1c0129
SSDEEP: 768:1tvoegUk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ2z2UWOd93:15k3hbdlylKsgqopeJBWhZFGkE+cL2Nf
Score: 10/10
- Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory