Analysis
-
max time kernel
137s -
max time network
132s -
platform
windows10_x64 -
resource
win10 -
submitted
13-07-2020 20:00
General
-
Target
SecuriteInfo.com.DOC.Kryptik.Q.893.xls
-
Size
294KB
-
MD5
8b6d08aa84e0a4f523a804afc89a8212
-
SHA1
c7f07421aa70e66b4bdb5350ba4c3529a00c4d7d
-
SHA256
61e798e2539635b290c475b23bbe4940d10e514645f08bbccbe1442345ebe39a
-
SHA512
23b4c196217e9b0923b9860aca873b2ea61d9405c1d911b100c7b58460eeae8799745832a2b84404a25b59506fd7ade21489fe544c2db1a9ea85683f91343060
Score
10/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Enumerates connected drives 3 TTPs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.DOC.Kryptik.Q.893.xls"1⤵
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\WbMFNqE\DTXZRqG\fytiOXY.dll,DllRegisterServer2⤵
- Process spawned unexpected child process