77993430a884344d7de54e69aa1d4b4e0fc81327f3cf7c8d39b5aba710518fa3 | Triage

Analysis

max time kernel
131s
max time network
134s
platform
windows10_x64
resource
win10v20201028
submitted
14-01-2021 06:56

Sharing

Report Analysis Logs

General

Target

NEED DRAFT discounting bank name & price LC USD48942631xls.exe
Size

8.8MB
MD5

27193c475f1439de214dbfe9c7b2c928
SHA1

4015a10b7970ddaf78ef79d3f4562ad6c65f9ff6
SHA256

77993430a884344d7de54e69aa1d4b4e0fc81327f3cf7c8d39b5aba710518fa3
SHA512

afac86ff53797cdaa759b548da33ecdcd026567e4e3006df8b52ab6657514d32133b3c6f06106cba4b7fa1751ad4ae38346567b208cedba2ee56ed533c53f029

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

NEED DRAFT discounting bank name & price LC USD48942631xls.exe

pid	process
828	NEED DRAFT discounting bank name & price LC USD48942631xls.exe
828	NEED DRAFT discounting bank name & price LC USD48942631xls.exe
828	NEED DRAFT discounting bank name & price LC USD48942631xls.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

NEED DRAFT discounting bank name & price LC USD48942631xls.exe

pid	process
828	NEED DRAFT discounting bank name & price LC USD48942631xls.exe
828	NEED DRAFT discounting bank name & price LC USD48942631xls.exe
828	NEED DRAFT discounting bank name & price LC USD48942631xls.exe

C:\Users\Admin\AppData\Local\Temp\NEED DRAFT discounting bank name & price LC USD48942631xls.exe
"C:\Users\Admin\AppData\Local\Temp\NEED DRAFT discounting bank name & price LC USD48942631xls.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:828

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...