Analysis
-
max time kernel
151s -
max time network
13s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
11-12-2020 18:35
General
-
Target
Document931215825.xls
-
Size
53KB
-
MD5
7054f04adc0695c6c8a1853526e13468
-
SHA1
dd8e0f4b4fe228985acaad81c7a8af5c575e3b0e
-
SHA256
62d8cab8ec8b81bf3bd5a75ceca7b12bb2b26f4a40ded2320fdcfd33a49349d7
-
SHA512
afa7d010c4b36cc681cef843964fb008b7d95e68501b9566cbc073038f5b1380e73aacbd187ac3694673a3c90453931a5479a61fb23138bc28d1d8425bece723
Score
1/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 67 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 79 IoCs
-
Suspicious use of SendNotifyMessage 79 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Document931215825.xls1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage