Analysis
-
max time kernel
124s -
max time network
147s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
07/07/2020, 15:04
General
-
Target
DHL-Fattura-Cash-499362-5054.xls
-
Size
72KB
-
MD5
cd145541e4815fc0bc60640cd5b6331e
-
SHA1
99c43c329ba59ca63d228ecd6eb91cc92142a1c2
-
SHA256
cffa9be85459012d44315fb639d583a10e96bad7a9c602ab53bb9461375e90e0
-
SHA512
6bb4e546d0f2a8c5189d453d4bfd4d5c1da19c06dc1981c88d7cc2eb312f2afc11546705786188a9ebc19a68490c4889fa4ec8c8fda9f11c374a368656f7c373
Score
10/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Program crash 1 IoCs
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\DHL-Fattura-Cash-499362-5054.xls"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
- Enumerates system info in registry
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3848 -s 48642⤵
- Process spawned unexpected child process
- Program crash
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
20KB
-
Filesize
20KB
-
Filesize
20KB
-
Filesize
12KB