Analysis

  • max time kernel
    76s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    29-10-2020 04:37

General

  • Target

    doc_pack-2090896308.xlsb

  • Size

    24KB

  • MD5

    38a53c3087d1f991f3a5bfc30b9d2a6f

  • SHA1

    9b6e16959de7012afc3105ffbb376fbc5a9e1aee

  • SHA256

    24f5c086690aa4bc603f848070aad2509e4efcfae480ad566e048a65b2be06a8

  • SHA512

    9f0f6039e500246907aa4452292ddb1c8fc3285bd0e310a48cb29b3d2c04e377f46cae4fa8481e70efcb2bd835c7bab3fc02fa00df8f2d3d82c000e4a75ccb51

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\doc_pack-2090896308.xlsb
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:648

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/648-0-0x0000000001E00000-0x0000000001E01000-memory.dmp

    Filesize

    4KB

  • memory/648-2-0x0000000001E00000-0x0000000001E01000-memory.dmp

    Filesize

    4KB

  • memory/648-4-0x0000000001E00000-0x0000000001E01000-memory.dmp

    Filesize

    4KB

  • memory/660-5-0x000007FEF7500000-0x000007FEF777A000-memory.dmp

    Filesize

    2.5MB