General
-
Target
c5705ba72ba0827f49c4f42fda991076724c50f9ddb952a4bcab5d290218d907
-
Size
44KB
-
Sample
240705-z6j7sswcpr
-
MD5
7dbf295fd3e9472f4786d5fb25f7698e
-
SHA1
d67d5e5f26e1b203f36e108c2149484772296f54
-
SHA256
c5705ba72ba0827f49c4f42fda991076724c50f9ddb952a4bcab5d290218d907
-
SHA512
2d482cc0ae7effb4ab35df8495577280df60ea6ff48eca7a90c51994d3291bf1c8c07afb6c0697a8ca68b7ebc540a9df717c47fc17cae4a13992c99f1e66d670
-
SSDEEP
768:Otvo2+jk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJdeFWkuF6mQQcMQJ9acD9acyL:uWk3hbdlylKsgqopeJBWhZFGkE+cL2Ni
Behavioral task
behavioral1
Sample
c5705ba72ba0827f49c4f42fda991076724c50f9ddb952a4bcab5d290218d907.xls
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
c5705ba72ba0827f49c4f42fda991076724c50f9ddb952a4bcab5d290218d907.xls
Resource
win10v2004-20240704-en
Malware Config
Extracted
https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
-
-
Target
c5705ba72ba0827f49c4f42fda991076724c50f9ddb952a4bcab5d290218d907
-
Size
44KB
-
MD5
7dbf295fd3e9472f4786d5fb25f7698e
-
SHA1
d67d5e5f26e1b203f36e108c2149484772296f54
-
SHA256
c5705ba72ba0827f49c4f42fda991076724c50f9ddb952a4bcab5d290218d907
-
SHA512
2d482cc0ae7effb4ab35df8495577280df60ea6ff48eca7a90c51994d3291bf1c8c07afb6c0697a8ca68b7ebc540a9df717c47fc17cae4a13992c99f1e66d670
-
SSDEEP
768:Otvo2+jk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJdeFWkuF6mQQcMQJ9acD9acyL:uWk3hbdlylKsgqopeJBWhZFGkE+cL2Ni
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-