General
-
Target
9c87045b4d9e7c0814866a7117379907274da816a4212bddc955ef6121c1876c
-
Size
44KB
-
Sample
240705-1rgc2ayhkc
-
MD5
7de3112444beff4ccb3531dcbdae942d
-
SHA1
5ec234f52022c755d8bad1ff0bad49d5896fba7c
-
SHA256
9c87045b4d9e7c0814866a7117379907274da816a4212bddc955ef6121c1876c
-
SHA512
20240eac84ed3d147ba0884e13af1050799f6d536f5972e2d6eecf216a535505514eb5677d849543974bee46e15999471243f1d5eae22bb8d3ed705fe6a5b21a
-
SSDEEP
768:BtvoekzRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJwzz3W+uFlmQQc81J9acW9ac6:ZGk3hbdlylKsgqopeJBWhZFGkE+cL2Nx
Behavioral task
behavioral1
Sample
9c87045b4d9e7c0814866a7117379907274da816a4212bddc955ef6121c1876c.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
9c87045b4d9e7c0814866a7117379907274da816a4212bddc955ef6121c1876c.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
9c87045b4d9e7c0814866a7117379907274da816a4212bddc955ef6121c1876c
-
Size
44KB
-
MD5
7de3112444beff4ccb3531dcbdae942d
-
SHA1
5ec234f52022c755d8bad1ff0bad49d5896fba7c
-
SHA256
9c87045b4d9e7c0814866a7117379907274da816a4212bddc955ef6121c1876c
-
SHA512
20240eac84ed3d147ba0884e13af1050799f6d536f5972e2d6eecf216a535505514eb5677d849543974bee46e15999471243f1d5eae22bb8d3ed705fe6a5b21a
-
SSDEEP
768:BtvoekzRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJwzz3W+uFlmQQc81J9acW9ac6:ZGk3hbdlylKsgqopeJBWhZFGkE+cL2Nx
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-