Overview

overview

8

Static

static

8

inv1535.xls

windows7_x64

1

inv1535.xls

windows10_x64

1

Resubmissions

17/12/2020, 18:31

201217-fxv9p8zbw6 10

06/10/2020, 11:21

201006-tp1644sm8j 8

Analysis

  • max time kernel
    139s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    06/10/2020, 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    inv1535.xls

  • Size

    41KB

  • MD5

    a25f16b71feac96810800c7d281a93d8

  • SHA1

    e5d716e4d3687e79e99a70607bcbcec37ebfa73d

  • SHA256

    69ab644fb35bff52b9fb5b4d8cff404ea4269d01a0dc34ab7bac1fd9e353ef09

  • SHA512

    36e1890c5f269af77af20639048866267aec0d3d6a5184a35d89f7fd7c62a6406ea485801760b8301a8fcf73202c597499b061cb547f5ba37282b8be6c3c88bf

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\inv1535.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3924

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3924-0-0x00007FFAC5E90000-0x00007FFAC6556000-memory.dmp

    Filesize

    6.8MB

    Download