General
-
Target
55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
-
Size
44KB
-
Sample
240705-z2dt8aybqe
-
MD5
66de90b30c5f73b1f99e8e610d6f1242
-
SHA1
818a867d1e637aea7093ad0505bf4d92ba64439a
-
SHA256
55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
-
SHA512
a947f178694ae02dd74c56ecd8883b65ecddf82a57b7e913a859984a87b54fb79228edb44e48b37fd0ab2340e6cc7c79b6e00cd523720815b866f6ffc7e86543
-
SSDEEP
768:Ctvo2+jk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJdeFWkuF6mQQcMQJ9acD9acyL:SWk3hbdlylKsgqopeJBWhZFGkE+cL2Ni
Behavioral task
behavioral1
Sample
55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
Target
55969ae89efdedd5136a3190b21fd6db7a55125a69e052627317ab62c4fd03aa
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-