Analysis

  • max time kernel
    135s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09-07-2020 04:22

General

  • Target

    Purchase Order 24432 .xlsx

  • Size

    14KB

  • MD5

    d31859fb69340e3d8aee9d8bc98dfed5

  • SHA1

    6b31e11e8c43a222bd07cd79273d9013b2137001

  • SHA256

    59f1f955f073e2a326d914a15fff168d9c304795270b26bdfb5e1d68d1f96742

  • SHA512

    94ac7f4d94f7c78d1e4a3a16f90d251bd7a815949039294b340375b0da5d2515444dc97e2319dbe6849267ee77f73470ff960db599ad6dae67c80e8e84052f00

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Purchase Order 24432 .xlsx"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:2976

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads