Resubmissions

09-07-2020 11:55

200709-qgpv6ztjej 8

Analysis

  • max time kernel
    146s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    09-07-2020 11:55

General

  • Target

    9918_99_274.xls

  • Size

    159KB

  • MD5

    a1e13e4954b98e6524d47527be441812

  • SHA1

    72e88bd0543152b638f804548a09c865aa4610c9

  • SHA256

    8dd8d863b51d13fedf887fc68e6f7c1a4d93fa868cf0ced1f46d2fca77585e5d

  • SHA512

    2734387aa21327b3d6547acb07e4bbf48cb473844e6491f7e659f996dab664a26a8c41cf9b8727e43f770093e7b6c3914db375a36555e32f7564bae02e3673c9

Malware Config

Signatures

  • Modifies system certificate store 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\9918_99_274.xls"
    • Modifies system certificate store
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    PID:3756

Network

MITRE ATT&CK Enterprise v6
