Resubmissions

02-02-2021 17:05

210202-x4ffykjpzn 10

01-02-2021 15:18

210201-6pjhlsllq2 10

Analysis

  • max time kernel
    150s
  • max time network
    91s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    01-02-2021 15:18

General

  • Target

    agreement-84.xls

  • Size

    125KB

  • MD5

    cf489853a42fb7520f19242a8921775d

  • SHA1

    734e56466b525e822436b61f13a76eda051ea15a

  • SHA256

    0e094197fca1947eb189006ddeb7d6ad9e5d1f58229e929bc0359887ed8a667d

  • SHA512

    6f0cd4126162830b6739509abd3762507c2f300c87414775a094076e624d1f5b6e113b48aa342f238f25bc0d39208959bd134e462d2215d69224832df9a23c62

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://eyeqoptical.ca/ds/3101.gif

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\agreement-84.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1432

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1432-2-0x000000002FD91000-0x000000002FD94000-memory.dmp

    Filesize

    12KB

  • memory/1432-3-0x00000000713C1000-0x00000000713C3000-memory.dmp

    Filesize

    8KB

  • memory/1432-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/1728-5-0x000007FEF74A0000-0x000007FEF771A000-memory.dmp

    Filesize

    2.5MB