Resubmissions

17-12-2020 17:17

201217-f5b1rz4352 10

08-12-2020 15:09

201208-l8pbgx1xqe 8

Analysis

  • max time kernel
    139s
  • max time network
    151s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    08-12-2020 15:09

General

  • Target

    Doc-7679.xls

  • Size

    31KB

  • MD5

    e40c18535c48fdfe3b2e841d51c94038

  • SHA1

    6e1e23e8891a8ecd8ee3d85bc77c281f4b6be63b

  • SHA256

    d930f445a9053bfefd0cba7bf24b4ec7b267d5c498d4397d1bc694fcf0c68843

  • SHA512

    ec1457b453beca0e7d543c2652f3b58b6a0f976abec2cb979f867518657a6a4248998febe37086d60dc3c193cb6a4e968bcd747c5541372dc0ed0f033e865bd7

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Doc-7679.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2604

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2604-2-0x00007FF8965C0000-0x00007FF896BF7000-memory.dmp

    Filesize

    6.2MB