Analysis
-
max time kernel
143s -
max time network
147s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
14-01-2021 16:19
General
-
Target
Document_1495694596-Copy.xls
-
Size
43KB
-
MD5
e758a4b1340fd50274edefd581cd8c52
-
SHA1
945f507232ddbe940e09ac69a4e8592aa55590ed
-
SHA256
4e2f37d4228e78faa1f34121ee934f58e1a9862ad6f183edf4c24e08cda20363
-
SHA512
3393143e4215b8cff172d7a4a79d6116667ebc0999ab3eea1656616375856a798e8b5caf4728deb4cae1ecef4e83405c145b8373dca6f101654470f525d4f269
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Document_1495694596-Copy.xls1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32 ..\AppData\Kipofe.mmaallaauu,DllRegisterServer2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Kipofe.mmaallaauuMD5
9c5328e73595b60e313d71e41ee9634a
SHA1b3e2b75a8f80d0e28109a6b187b61fb990f17752
SHA2564c9a1498b1ab24080747d92d83367ffeb42512f38330064bf81ef21d0e658cc7
SHA5129a345ea4c1f323e5531738571e91f84a55279240462c02b459c8a27a83f062e71c95b4b00c2a7df2a86a1052654b36f8b43467c94dbac04fccf1428ea4cd1036
-
memory/924-3-0x0000000000000000-mapping.dmp
-
memory/1416-2-0x000007FEF6010000-0x000007FEF628A000-memory.dmpFilesize
2.5MB