Overview

overview

10

Static

static

8

notif_2227.xlsb

windows7_x64

10

notif_2227.xlsb

windows10_x64

10

Analysis

  • max time kernel
    71s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    16-03-2021 05:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    notif_2227.xlsb

  • Size

    67KB

  • MD5

    b9331085a13ece7ef497f93dcd2741d6

  • SHA1

    c8a844989501bf3e47266d4d5a5e083856bb0feb

  • SHA256

    07f7f5ac05c7d09206105d3827cdf09e69575f74a0337824ffb0c7fa19dbac0a

  • SHA512

    6f4720aa130e45f0c8b1f1f04ae1041c74d4646a04e23e2dd23400333f123b3c3838986e68e101649933951c73665e9bf5d766f762362bea71f3e00d450e0e11

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://obbligo.bar/register.jpg

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\notif_2227.xlsb
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\YmiReEE\foBcwbz\KCmUWqT.dll,DllRegisterServer
      2⤵
      • Process spawned unexpected child process
      PID:1080

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/368-5-0x000007FEF7BD0000-0x000007FEF7E4A000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/1080-6-0x0000000000000000-mapping.dmp

    Download

  • memory/1080-7-0x00000000765A1000-0x00000000765A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1656-2-0x000000002F511000-0x000000002F514000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1656-3-0x0000000071A81000-0x0000000071A83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1656-4-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download