Analysis
-
max time kernel
138s -
max time network
147s -
platform
windows10_x64 -
resource
win10 -
submitted
13/07/2020, 20:00
General
-
Target
SecuriteInfo.com.DOC.Kryptik.Q.17206.xls
-
Size
297KB
-
MD5
62e26facf7fccf4cd98fb2d8064bbda4
-
SHA1
6ca90193994b32e20f014b773e984be29cdb415f
-
SHA256
027e355c782feb5a0feec8d6fe004073e0d2f7d0d146fb81c3439f81e09d5aed
-
SHA512
aa7f178103bec3e3e2b8091e5a35fc00d68eb5809460fd7a785a1bddf0289d23ed603d82487e543df4a0e1435348f497f537e069574416f87b0416e5c208b4f6
Score
10/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Enumerates connected drives 3 TTPs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.DOC.Kryptik.Q.17206.xls"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\WbMFNqE\DTXZRqG\fytiOXY.dll,DllRegisterServer2⤵
- Process spawned unexpected child process
-