General
-
Target
c54efb7b84413ba1c60e6fb6975ba4a87cb1ee05ea5aa3281bc8347e56dd7aed
-
Size
44KB
-
Sample
240705-z28dtsycjd
-
MD5
6b25785c651f92b59f91d0a3d881cc54
-
SHA1
1f10f11c229aeebf857f9021c8721c3c3adb01ab
-
SHA256
c54efb7b84413ba1c60e6fb6975ba4a87cb1ee05ea5aa3281bc8347e56dd7aed
-
SHA512
4cb34598285573d3f0dc7c4277512fdc83dab5ab3fa12466536f4863afec0498555587a1194ce1033501a350a959b5ed09ec96f5eb509d59939989a6af9d5124
-
SSDEEP
768:Jtvo2+jk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJdeFWkuF6mQQcMQJ9acD9acyL:BWk3hbdlylKsgqopeJBWhZFGkE+cL2Ni
Behavioral task
behavioral1
Sample
c54efb7b84413ba1c60e6fb6975ba4a87cb1ee05ea5aa3281bc8347e56dd7aed.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c54efb7b84413ba1c60e6fb6975ba4a87cb1ee05ea5aa3281bc8347e56dd7aed.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
Target
c54efb7b84413ba1c60e6fb6975ba4a87cb1ee05ea5aa3281bc8347e56dd7aed
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-