Overview

overview

8

Static

static

8

Doc_3744.xls

windows7_x64

7

Doc_3744.xls

windows10_x64

1

Resubmissions

28-02-2021 17:05

210228-pjgnbjwth2 8

27-02-2021 12:13

210227-bpkha5za7s 8

27-02-2021 04:19

210227-7c1xkzg346 10

27-02-2021 03:32

210227-2xwvzgykxs 8

27-02-2021 03:29

210227-qgrlcph782 8

27-02-2021 03:16

210227-k82qfdjlve 8

27-02-2021 02:45

210227-mjxh7bv4wj 8

27-02-2021 02:23

210227-w6qfkjy5ha 8

27-02-2021 02:06

210227-r385kvgs32 8

26-02-2021 23:10

210226-yds8gthfax 8

Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    27-02-2021 03:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Doc_3744.xls

  • Size

    62KB

  • MD5

    47e22049644647ee854cedfe077156e7

  • SHA1

    20ad9f47616a8272dece2ec1039a88c09412c97c

  • SHA256

    5f2adacaf4ecb00ed24dd9dfe355307d0d6e786e40c945ad4c6d1ae3a4835d2a

  • SHA512

    1eeb87173378f4d0e157ee42f5b28e48ff84a35b44d71f004a6180cc2bdbc09e45c071adc7ab0a94c75071fbe3ee13b939ee8cb216b6f2e06c9c24ca34dbbf1b

Score
7/10
spyware

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Drops file in Windows directory 2 IoCs
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 54 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 26 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Doc_3744.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1908
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
      PID:1816
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:964
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:964 CREDAT:275457 /prefetch:2
        2⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:828
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
      1⤵
        PID:1716
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:432
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:1992

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
        MD5

        645278e32992298d7366e4e0ac9a360d

        SHA1

        14aa557d892ebdf5337e91b9b9ea8ba4e1ea7e50

        SHA256

        69f5ccba9de478a6e724aa9f26765151fa78b096ede32f599945cb192f61c1b4

        SHA512

        9b5922ca42eccbe5808ee4952e8978e6ec8d819db4a63f9283f560fea54bd01ad51dfc146e1238a067f45b5bfd3603fe43e81b850f35833a836d015c7720e024

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
        MD5

        e92176b0889cc1bb97114beb2f3c1728

        SHA1

        ad1459d390ec23ab1c3da73ff2fbec7fa3a7f443

        SHA256

        58a4f38ba43f115ba3f465c311eaaf67f43d92e580f7f153de3ab605fc9900f3

        SHA512

        cd2267ba2f08d2f87538f5b4f8d3032638542ac3476863a35f0df491eb3a84458ce36c06e8c1bd84219f5297b6f386748e817945a406082fa8e77244ec229d8f

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
        MD5

        287448624c876ad9f10c94b9a4c88046

        SHA1

        988368e8881c6e4b02a9d2b64bf0f8951fe2347a

        SHA256

        912350454fdce792501156b813e58c4aa0e7404dda4ea1420d6369869e3579b0

        SHA512

        ce50d816bed7df110698cf8749653effb592c27e3ffa2ba4d4d8397529f8caa05f279060a2c6b6266a9684d6ec240fa286b936f22e189e9a475c660034783d65

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
        MD5

        a266bb7dcc38a562631361bbf61dd11b

        SHA1

        3b1efd3a66ea28b16697394703a72ca340a05bd5

        SHA256

        df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

        SHA512

        0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
        MD5

        207bce542b515f936cbfb1ee686ce769

        SHA1

        ef0cf6ed64dee9307192ab529b3b02fddec5b54f

        SHA256

        f5b336c1c13ae104245e6c68296ed100782b35875e035ee224ab62d473725b17

        SHA512

        457c1c91a5930339a1a15cab5a165ad42d221a6b62483338cf72494f3703cb6c1b791bc5ea9dfdb75abd8e2048711c6dc1d7828f7776c595b0b1edf1486a3769

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        MD5

        d01d6db05f88b6a1c806f4f0fa29950c

        SHA1

        ecfafae52f513ed0367e934be9fe09d9a330749a

        SHA256

        b90e4c043f7e3a6b31c63b432d064ca046ec2c6e4e8b19b001e9f580d80f7784

        SHA512

        ee9e60df1d39b96ac39f07605c44a86bb4f36ce2ce951c56dec85312684cb68859e2f799025c2e5d81991b9fbe119abae9da5a87dcc3df91134943f82cae5e3e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
        MD5

        9facaee4b5a0325bc3eb60c212f2643c

        SHA1

        85a5ba1081b7f7a02b9817c58712079e97c65c4e

        SHA256

        762af13a95352e17be3a8f86834804ea7ddffe21e28d12befbe79fc36c50636b

        SHA512

        8746412fa4696454d5affd609c22115283803b3545a80f160f96385541cfcf9cd56519fbf067cfe4a3615afa7a6bc8c58806ef500315a647b08d2526a21a9a85

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
        MD5

        1d5a9edf9fd6b6edcfce091ba20672d5

        SHA1

        41d6cacd1df75dd8e7bb75076034e824406e221d

        SHA256

        8739fdb15bd0e67af252577e12b49c5f3fd37b75d0c75535d27da45fee9ba8f6

        SHA512

        64f08d1795877a1335dd5687b2d5323e681c6c96c99b9e02f54ec20b494b1974868e4e3ab58575052f9ad5094efd7cb01e3d3f8bd23b427d054fa251b2f224d8

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{85B53161-78AB-11EB-94C0-CE0E229A55E0}.dat
        MD5

        3adc3f483686e1eadb14ba114c3c7960

        SHA1

        ab5b2f073cc4f9509450e5f9b71c9962502d919b

        SHA256

        57a4d00d773fa504b9c810a94b10419a7f5dc7be4e252debfa5eb73809e25b17

        SHA512

        be90150a2f57109fed81c0edd39ccba15d577542e3e37999dae4d9981e77545f42813749d023fb5746dc6d2a598522d06fb421ef538ecdaa0aef9e015844020c

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w5ukms8\imagestore.dat
        MD5

        0ba0053db20f8feb21021bb4ed6cbf68

        SHA1

        c340e119963edb1573183b28a320a55140e01c8e

        SHA256

        87ccaa785a2299f31e419fada6452a8a152a10737f49d39c321f0c94e3ae0ee9

        SHA512

        28dcf9f03aab5c03ec352e2de1de511d9742d1b0d868c0609491c043700acfb3addac7c5681471b66e6ee8d897251bb3a971136b9fa0a8fea0c3210cd47550ae

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w5ukms8\imagestore.dat
        MD5

        529a8d3d2b04f27b87d6ae1da831c580

        SHA1

        ab2292bc6e045ffb4f36f866d56ba78e78440322

        SHA256

        a188e83b6ebdf881cf0f175aac15d9550adc16a18e53d99e1295459c942f0075

        SHA512

        a763097962b26b852c62d527ec4b820ce326152694ab908afb7ca4807f0a8202629d752ba7950b46f2ae6b08052c5ecc701ff1f5dccfbae015510ab618a3525d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\w5ukms8\imagestore.dat
        MD5

        c8a927eaa0bea3a370f8f00678196f2d

        SHA1

        95392c658e77112d0c881e59a35fd3a082150c5c

        SHA256

        4d201116f7340d0b8df7abd2ef0832a1646cb136f708f1125dd5b9d5cc6db66b

        SHA512

        0dda7e6ccd21ff86030019bdd1f9bd6ef176066fc11fd94481dde5bf1c213993befe2525b0ac5fdfc9cd95d89435f165145c018c7534c3bac03aea73d785f595

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D73194RS\favicon[1].ico
        MD5

        3f8e3af1f40a7cafe868d364e3e2f907

        SHA1

        2c7136f51bc0d827e3697c0ce187512dac85b28f

        SHA256

        0b2b3db805fd97731dc3557ec8b9e787137e9891af1f6d71fe46909236cf905b

        SHA512

        37921dcc1ed621ebc0614347b57c2585635c5039c2bb9bdafad6da22dc939263c3fdfabe98ba75640dcf02e7847dbd758b7d8be0aae9ad4c6d0ae6a0113e4399

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y40LK5PP.txt
        MD5

        0365fec5294a5eb03e1b7de2170d4f5b

        SHA1

        1678af5886cba0a119c1cd80ee38ce4b48ac5be6

        SHA256

        c504516f74900a92aa000736d925f89b154f2aac9fb89b58fd44b3fecc5d0136

        SHA512

        18c45e9f872766c4dc213db0684ebdf076f8efa0649eb9d93336b9722734159d904d691f3f27c46652511d1234a0789d5b880b10c8e38ff9a846cf4264059fea

        Download Submit

      • C:\dir.txt
        MD5

        7c343431cab9abf11cb3d1e03327532f

        SHA1

        f10eb9a7da92e80b1f7b7eb3c1a2f0a993e2dbbf

        SHA256

        689bb5acb42ee6cd86e8f6a24f0a062579a3e6e2703b63402c256883afa66f38

        SHA512

        f2b5ae6100f72d25d5c786ac0a68b992b2da2454557dc96cb15b4656ee90ba3416395fbd9d6e3182429b1cd7352bee92f00c888e3155682264c682d6285d9157

        Download Submit

      • memory/432-15-0x0000000001FD0000-0x0000000001FE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/432-14-0x000007FEFBBF1000-0x000007FEFBBF3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/432-20-0x0000000004170000-0x0000000004171000-memory.dmp

        Filesize

        4KB

        Download

      • memory/736-5-0x000007FEF76B0000-0x000007FEF792A000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/828-6-0x0000000000000000-mapping.dmp

        Download

      • memory/964-7-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1716-9-0x0000000076271000-0x0000000076273000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1908-2-0x000000002F941000-0x000000002F944000-memory.dmp

        Filesize

        12KB

        Download

      • memory/1908-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1908-3-0x00000000714A1000-0x00000000714A3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1992-16-0x0000000000000000-mapping.dmp

        Download