General
Target: e3f3e4fa15cbbd5ce6a0efe281d2c1bae24198c9b9918715dbea14b82f4acdf6
Size: 44KB
Sample: 240705-zwdl9syamd
MD5: 7fa95d41999974e212baf553622e84f3
SHA1: 9e29a3c27f943fd780f2744ce20fb20ea4a52b59
SHA256: e3f3e4fa15cbbd5ce6a0efe281d2c1bae24198c9b9918715dbea14b82f4acdf6
SHA512: a26459f84181a880174881ca5f34f624faa919631ef0276e9818fe3538d37a6952f36ec5f6aeb5eb65a989be5c37e6ea7247308fa24f9fef205bc4eedd54e150
SSDEEP: 768:9tvoefzRk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJMtkW+uFlmQQc81J9ac09acyL:tdk3hbdlylKsgqopeJBWhZFGkE+cL2NE
Behavioral task: behavioral1
Sample: e3f3e4fa15cbbd5ce6a0efe281d2c1bae24198c9b9918715dbea14b82f4acdf6.xls
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: e3f3e4fa15cbbd5ce6a0efe281d2c1bae24198c9b9918715dbea14b82f4acdf6.xls
Resource: win10v2004-20240704-en
Malware Config
Extracted: https://raw.githubusercontent.com/enigma0x3/Generate-Macro/master/Generate-Macro.ps1
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory