Analysis
-
max time kernel
72s -
max time network
21s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
14-01-2021 16:18
General
-
Target
586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb.xls
-
Size
54KB
-
MD5
08037f2bf6b8fe9ae8c245903af45729
-
SHA1
2836aa101a02a284c6df9ed17bd092f25c34f80f
-
SHA256
586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb
-
SHA512
2e0ffec3933f66b623e2eded690497115f251036d282dc915721b61175164eeb0573a1c4706b1f84453c9286ff1b8c3f7a1756fdd41d532dcf8e9dc24c22dc1e
Score
10/10
Malware Config
Extracted
Language
xlm4.0
Source
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\586bd4e1f5f41569b260ce6cc6b5243bee2209c35915d1a3050cf4196c6133eb.xls1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32 C:\IntelCompany\JIOLAS.RRTTOOKK,DllRegisterServer2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/524-2-0x000007FEF79D0000-0x000007FEF7C4A000-memory.dmpFilesize
2.5MB
-
memory/1616-3-0x0000000000000000-mapping.dmp