Analysis

  • max time kernel
    123s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-12-2020 17:19

General

  • Target

    New order.xls

  • Size

    80KB

  • MD5

    bfa6b801f26f67cc2231d4191a2486e5

  • SHA1

    d6c3fe24036c6b402eeb80e065a11280aa236625

  • SHA256

    076c11df218d9fd86a809bb3e3b4a9c2211caad31e630d731d64592bee49eec4

  • SHA512

    b06a89f9606533c9c7c6c0884c76c7e59919e1b66425e7e7f97d11bb2faafea80ed379c056c440269f3c6b132c297ea90172f54f893600747609d67a1202367b

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\New order.xls"
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1072

Network

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Replay Monitor

Loading Replay Monitor...

Downloads