Analysis
-
max time kernel
148s -
max time network
137s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
04-05-2021 15:01
Static task
static1
Behavioral task
behavioral1
Sample
Price list.xlsm
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
-
Target
Price list.xlsm
-
Size
64KB
-
MD5
dc48640ca8488d4c4e61b807ef19d11c
-
SHA1
e2cfbc565e62b269a7bfbdf2b3c060e52aaa6614
-
SHA256
c8f3d97c54386b86778a1d20917353583bcf706ffe0615d962683d55e449bcab
-
SHA512
06d0b3420f784cad69e11202271b99f47c7c5eeca68de9a5e01da6ebf2c5b25414ec242dd4517eeff43fcd239ec8ded073a9317c1140ae9e3c6b620b6af741b9
Score
1/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE -
Processes:
EXCEL.EXEdescription ioc process Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55" EXCEL.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105" EXCEL.EXE Key created \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel EXCEL.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000" EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 1676 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
Processes:
EXCEL.EXEpid process 1676 EXCEL.EXE 1676 EXCEL.EXE 1676 EXCEL.EXE 1676 EXCEL.EXE 1676 EXCEL.EXE 1676 EXCEL.EXE 1676 EXCEL.EXE 1676 EXCEL.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\Price list.xlsm"1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx