Overview

overview

8

Static

static

8

Doc_3744.xls

windows7_x64

1

Doc_3744.xls

windows10_x64

7

Resubmissions

28-02-2021 17:05

210228-pjgnbjwth2 8

27-02-2021 12:13

210227-bpkha5za7s 8

27-02-2021 04:19

210227-7c1xkzg346 10

27-02-2021 03:32

210227-2xwvzgykxs 8

27-02-2021 03:29

210227-qgrlcph782 8

27-02-2021 03:16

210227-k82qfdjlve 8

27-02-2021 02:45

210227-mjxh7bv4wj 8

27-02-2021 02:23

210227-w6qfkjy5ha 8

27-02-2021 02:06

210227-r385kvgs32 8

26-02-2021 23:10

210226-yds8gthfax 8

Analysis

  • max time kernel
    38s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    27-02-2021 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Doc_3744.xls

  • Size

    62KB

  • MD5

    47e22049644647ee854cedfe077156e7

  • SHA1

    20ad9f47616a8272dece2ec1039a88c09412c97c

  • SHA256

    5f2adacaf4ecb00ed24dd9dfe355307d0d6e786e40c945ad4c6d1ae3a4835d2a

  • SHA512

    1eeb87173378f4d0e157ee42f5b28e48ff84a35b44d71f004a6180cc2bdbc09e45c071adc7ab0a94c75071fbe3ee13b939ee8cb216b6f2e06c9c24ca34dbbf1b

Score
7/10

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 61 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Doc_3744.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4684
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4440
    • C:\Windows\system32\reg.exe
      reg export HKLM 12.txt\
      2⤵
      • Checks BIOS information in registry
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:1768
    • C:\Windows\system32\reg.exe
      reg export HKLM 12.txt
      2⤵
      • Checks BIOS information in registry
      • Checks processor information in registry
      • Enumerates system info in registry
      PID:1896
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:82945 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:232
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4148
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
      1⤵
        PID:1940

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4684-2-0x00007FFEC57A0000-0x00007FFEC57B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4684-6-0x00007FFEC57A0000-0x00007FFEC57B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4684-5-0x00007FFEEB2F0000-0x00007FFEEB927000-memory.dmp

        Filesize

        6.2MB

        Download

      • memory/4684-4-0x00007FFEC57A0000-0x00007FFEC57B0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4684-3-0x00007FFEC57A0000-0x00007FFEC57B0000-memory.dmp

        Filesize

        64KB

        Download