Analysis
-
max time kernel
63s -
max time network
75s -
platform
windows7_x64 -
resource
win7 -
submitted
08-07-2020 09:23
General
-
Target
844ac7548e10dd95f71103de03700662.xlsx
-
Size
14KB
-
MD5
844ac7548e10dd95f71103de03700662
-
SHA1
a102fe4d66c0969ea0a971ee9d18fda30f1a30e9
-
SHA256
830e8423cc6de38a9d8b660840f168dfeb3bd7dfd330060cf9ed9855e24f65dd
-
SHA512
43e42462b4138540296c58795acfaa9303040b97cffa74a812e3bd179f754f55f512e811fdb48e1ef0df5e173e0e888d13cf911cdd0b4ccad07d444a15b8702a
Score
8/10
Malware Config
Signatures
-
Blacklisted process makes network request 1 IoCs
-
Launches Equation Editor 1 TTPs 1 IoCs
Equation Editor is an old Office component often targeted by exploits such as CVE-2017-11882.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\844ac7548e10dd95f71103de03700662.xlsx1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding1⤵
- Blacklisted process makes network request
- Launches Equation Editor