Analysis

  • max time kernel
    137s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    13-07-2020 14:17

General

  • Target

    INV+PL+BL-489492020.xls

  • Size

    192KB

  • MD5

    b379714e8daaf2673032f31b2a6abb07

  • SHA1

    b4f97dceff91b030a76dd19e45b91826fd382e86

  • SHA256

    4eaaf544257b0465bb8acff69b987abf00bd19a32fbc45bc0e57b8c66244553a

  • SHA512

    11e3989a2641872fb9a08f9d6d6af330eab9cc4c28a84b6801cfe91c56bc5c7fc224265e2afc6661a96cd8b71bd7298e53ae6b3440b4048600c15d131e6db6a4

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\INV+PL+BL-489492020.xls"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:3888

Network

MITRE ATT&CK Enterprise v6
