Analysis
-
max time kernel
151s -
max time network
106s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
17-12-2020 17:17
General
-
Target
Doc-7679.xls
-
Size
31KB
-
MD5
e40c18535c48fdfe3b2e841d51c94038
-
SHA1
6e1e23e8891a8ecd8ee3d85bc77c281f4b6be63b
-
SHA256
d930f445a9053bfefd0cba7bf24b4ec7b267d5c498d4397d1bc694fcf0c68843
-
SHA512
ec1457b453beca0e7d543c2652f3b58b6a0f976abec2cb979f867518657a6a4248998febe37086d60dc3c193cb6a4e968bcd747c5541372dc0ed0f033e865bd7
Score
10/10
Malware Config
Extracted
Language
xlm4.0
Source
URLs
xlm40.dropper
https://www.localco.ae/wp-scan.php
xlm40.dropper
https://sadiahyat.com/scan.php
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Doc-7679.xls1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Users\Public\Documents\jxi09.txt,DllRegisterServer2⤵
- Process spawned unexpected child process
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.5MB