General
-
Target
ea34f7b0d586dc16549674695b0ecd65210cf7b1aa2a2f44eae4cb1737ae60b4
-
Size
35KB
-
Sample
240705-1gvgxayflh
-
MD5
eb16e070904c41083354062b1a2a75a3
-
SHA1
652ff98fc9af256b8f53744ab7967a24a5af3733
-
SHA256
ea34f7b0d586dc16549674695b0ecd65210cf7b1aa2a2f44eae4cb1737ae60b4
-
SHA512
b93f8ad411c5cb9b16d4d9cb81bb28f4aac831d21fbe222125addeee797db01115a6ed8d54337b604e4ea95901a1d66968409a224983e69332c9ffaa77875106
-
SSDEEP
768:4tvo+ezRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJh86kmd93:owk3hbdlylKsgqopeJBWhZFGkE+cL2Na
Behavioral task
behavioral1
Sample
ea34f7b0d586dc16549674695b0ecd65210cf7b1aa2a2f44eae4cb1737ae60b4.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ea34f7b0d586dc16549674695b0ecd65210cf7b1aa2a2f44eae4cb1737ae60b4.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
ea34f7b0d586dc16549674695b0ecd65210cf7b1aa2a2f44eae4cb1737ae60b4
-
Size
35KB
-
MD5
eb16e070904c41083354062b1a2a75a3
-
SHA1
652ff98fc9af256b8f53744ab7967a24a5af3733
-
SHA256
ea34f7b0d586dc16549674695b0ecd65210cf7b1aa2a2f44eae4cb1737ae60b4
-
SHA512
b93f8ad411c5cb9b16d4d9cb81bb28f4aac831d21fbe222125addeee797db01115a6ed8d54337b604e4ea95901a1d66968409a224983e69332c9ffaa77875106
-
SSDEEP
768:4tvo+ezRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJh86kmd93:owk3hbdlylKsgqopeJBWhZFGkE+cL2Na
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-