Analysis

  • max time kernel
    70s
  • max time network
    127s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-01-2021 08:39

General

  • Target

    NEW PURCHASE REQUIREMENT .xlsx

  • Size

    2.1MB

  • MD5

    63fc87b0bb258315f3e229d16b933768

  • SHA1

    65fedd6ad7f14125a17b24831d66d31a57634ad5

  • SHA256

    5a814e460fc7723ec36e5f1451a7e0349bfce280c1f935b432378d666ce95044

  • SHA512

    a576575deb7143a202f1f066e3582b36a094dbd0ad6aeef0eaf8f6ee76562339627c1b5c38c38be54f32c56f7f49cf0554e524661fe8c7bede793e8f6ef70ba4

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\NEW PURCHASE REQUIREMENT .xlsx"
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1144

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1144-2-0x00007FFB55D00000-0x00007FFB56337000-memory.dmp
    Filesize

    6.2MB