General
Target: fd57d9f65551c35df28e4afdc7150ac69678cd2daedb0187c2645de435e97836
Size: 35KB
Sample: 240705-z5qcesycnd
MD5: aca54b228c3c6ca8b083c44407d03264
SHA1: bc8b2f0074a04c79225a6de5e933360e51265f18
SHA256: fd57d9f65551c35df28e4afdc7150ac69678cd2daedb0187c2645de435e97836
SHA512: 35e6dcf1084ab519243e7ea34ff59e77e839b7184dfc871d5a21729b424b472baeac81f4320db9b9db90f8ef03793121c08f8a1183d1b53dd6d92bd43017aa0e
SSDEEP: 768:HtvoegUk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ2z2UWOd93:H5k3hbdlylKsgqopeJBWhZFGkE+cL2Nf
Behavioral task: behavioral1
Sample: fd57d9f65551c35df28e4afdc7150ac69678cd2daedb0187c2645de435e97836.xls
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: fd57d9f65551c35df28e4afdc7150ac69678cd2daedb0187c2645de435e97836.xls
Resource: win10v2004-20240704-en
Malware Config
Extracted: https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
Target: fd57d9f65551c35df28e4afdc7150ac69678cd2daedb0187c2645de435e97836
Size: 35KB
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory