Analysis

  • max time kernel
    30s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    08-07-2020 16:57

General

  • Target

    SecuriteInfo.com.Trojan.Script.Generic.24937.xls

  • Size

    919KB

  • MD5

    885c40f48464f690f83f97efd6a0b093

  • SHA1

    cf6f858fe15db15f3ce94a4ab1aabbdd39bad5b1

  • SHA256

    ba47cdd310892146ad95f73ca30973eab4c3f52d9c1a1035ded2f62f87ed5fda

  • SHA512

    51e658161c4e2532342a8cbd72155fa76271c250066283029ff9debf3bde430c37300735734fb4ee6e3483be8d2ec474177567e26afe021f88af6c9300149461

Score
8/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Script.Generic.24937.xls"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of WriteProcessMemory
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:3588
    • C:\hQQDpQm\zOuMyDc\XTHcSJX.exe
      "C:\hQQDpQm\zOuMyDc\XTHcSJX.exe"
      2⤵
      • Executes dropped EXE
      PID:4036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads