Overview

overview

10

Static

static

8

Attachment_97775.xlsb

windows7_x64

10

Attachment_97775.xlsb

windows10_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    02-03-2021 15:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Attachment_97775.xlsb

  • Size

    197KB

  • MD5

    f3816c84f0ba476a6a110432d3f15b0b

  • SHA1

    75b31cd545c4d84116a387430ee4f87d08298cdc

  • SHA256

    5678487ef48332defdc02c465cd87285393b4003809ea95a7ae1355bcb6dab53

  • SHA512

    32f34a80536137247016592446138d2e3ab4e3d8a3bfc1e27b857b5056bcd702cdae29330e77ec9189a7ee76fba9c43a7406f51f23719727f7c4af47eff29a30

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://195.123.219.21/campo/t3/t3

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Attachment_97775.xlsb
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\ProgramData\uoxv\67.dll,DllRegisterServer1
      2⤵
      • Process spawned unexpected child process
      PID:1776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\uoxv\67.dll
    MD5

    ee3276f8ddbbfe9552e55418e368f024

    SHA1

    c760fcd61b8f61ca60ae63987dc2705cbdb3bee6

    SHA256

    7a78b75bc0d6b97dd29198a29b276dfa53b410a28a7335d51e0ac69d1f6e04c5

    SHA512

    b0966a83aed724275a97ead87e91998e86d262660048c32ccf0292373918846784705210745ec96aaac1c79b2e0f6533e7bd8735c7d490e64ce0a884aa8c117e

    Download Submit

  • memory/1592-5-0x000007FEF6460000-0x000007FEF66DA000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1676-2-0x000000002F581000-0x000000002F584000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1676-3-0x00000000715E1000-0x00000000715E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1676-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1776-6-0x0000000000000000-mapping.dmp

    Download

  • memory/1776-7-0x0000000075F21000-0x0000000075F23000-memory.dmp

    Filesize

    8KB

    Download