General
-
Target
360279673924c1bf983143aeabd52584927e7d08417cc5acf6d3acd5f948ad27
-
Size
35KB
-
Sample
240705-1dhzpswemk
-
MD5
8ea927f288b724bbc5dfb54dcbd494f4
-
SHA1
0bbf7d213f1443524a217e9f2ce678ad918e7011
-
SHA256
360279673924c1bf983143aeabd52584927e7d08417cc5acf6d3acd5f948ad27
-
SHA512
3fe55b724e879832f1fe7e8b270df21027514a35d05123fcc18feda22e4204c1e4ba8d5378a884c508f93769f35118d9943fd9f21c925f85e01cbcbdc6e81b59
-
SSDEEP
768:Vtvo+ezRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJhmGelFC3Ud93:9wk3hbdlylKsgqopeJBWhZFGkE+cL2Np
Behavioral task
behavioral1
Sample
360279673924c1bf983143aeabd52584927e7d08417cc5acf6d3acd5f948ad27.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
360279673924c1bf983143aeabd52584927e7d08417cc5acf6d3acd5f948ad27.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
360279673924c1bf983143aeabd52584927e7d08417cc5acf6d3acd5f948ad27
-
Size
35KB
-
MD5
8ea927f288b724bbc5dfb54dcbd494f4
-
SHA1
0bbf7d213f1443524a217e9f2ce678ad918e7011
-
SHA256
360279673924c1bf983143aeabd52584927e7d08417cc5acf6d3acd5f948ad27
-
SHA512
3fe55b724e879832f1fe7e8b270df21027514a35d05123fcc18feda22e4204c1e4ba8d5378a884c508f93769f35118d9943fd9f21c925f85e01cbcbdc6e81b59
-
SSDEEP
768:Vtvo+ezRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJhmGelFC3Ud93:9wk3hbdlylKsgqopeJBWhZFGkE+cL2Np
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-