General
Target: a92f853aaeb199de0fadc5cffe92ca84f475106d6d60004fce0cf92454f388a6
Size: 44KB
Sample: 240705-1hpcaayfnb
MD5: df6b63de899ed18a6a59c28f4d8d1db0
SHA1: 2d18ce32bebef40d054dbbae89c962219467996e
SHA256: a92f853aaeb199de0fadc5cffe92ca84f475106d6d60004fce0cf92454f388a6
SHA512: 046f6fd67a242ba80f6873e48a19031176b35e77ad2b71f41329b41b22b21cb7a14bbfae333a9733c489f8d21e67f8dc842d9a55adb96179a6a9a7551ddb4886
SSDEEP: 768:Ztvo+uzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJz/HWguFlmQQc8RJ9acs9acyL:hyk3hbdlylKsgqopeJBWhZFGkE+cL2NK
Behavioral task: behavioral1
Sample: a92f853aaeb199de0fadc5cffe92ca84f475106d6d60004fce0cf92454f388a6.xls
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a92f853aaeb199de0fadc5cffe92ca84f475106d6d60004fce0cf92454f388a6.xls
Resource: win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
Target: a92f853aaeb199de0fadc5cffe92ca84f475106d6d60004fce0cf92454f388a6
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory