General
-
Target
b88d648ea2965fa54d880c92a9e5f1457ce891e2b6de7249c5cc9b040c5fc9fd
-
Size
35KB
-
Sample
240705-1l1jqaygka
-
MD5
1c5da90fca717b0a1f06e6cad13196cf
-
SHA1
e4d24fe085197c6a71afff880b903ba12ef1bf02
-
SHA256
b88d648ea2965fa54d880c92a9e5f1457ce891e2b6de7249c5cc9b040c5fc9fd
-
SHA512
4227e76a83629ee446388f4cb722f0ad8027acb442655d3619d8b1661fb4a96438760ff984d20d5568431fe77780549ae4b84e91f0916275118ebaccd5a09a99
-
SSDEEP
768:p5555stZggEowDDNlWynftvo+uzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJZQCr:p5555stZggEowDDNlWynPyk3hbdlylKq
Behavioral task
behavioral1
Sample
b88d648ea2965fa54d880c92a9e5f1457ce891e2b6de7249c5cc9b040c5fc9fd.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b88d648ea2965fa54d880c92a9e5f1457ce891e2b6de7249c5cc9b040c5fc9fd.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
b88d648ea2965fa54d880c92a9e5f1457ce891e2b6de7249c5cc9b040c5fc9fd
-
Size
35KB
-
MD5
1c5da90fca717b0a1f06e6cad13196cf
-
SHA1
e4d24fe085197c6a71afff880b903ba12ef1bf02
-
SHA256
b88d648ea2965fa54d880c92a9e5f1457ce891e2b6de7249c5cc9b040c5fc9fd
-
SHA512
4227e76a83629ee446388f4cb722f0ad8027acb442655d3619d8b1661fb4a96438760ff984d20d5568431fe77780549ae4b84e91f0916275118ebaccd5a09a99
-
SSDEEP
768:p5555stZggEowDDNlWynftvo+uzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJZQCr:p5555stZggEowDDNlWynPyk3hbdlylKq
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-