Resubmissions
28-07-2021 13:52  210728-4qkz5rekcj  8
28-07-2021 13:44  210728-elk8tqvbzn  8
26-07-2021 17:06  210726-bjcdwdpy5a  8
Analysis
max time kernel: 1442s
max time network: 1492s
platform: windows7_x64
resource: win7v20210408
submitted: 28-07-2021 13:52
Static task
static1
Behavioral task
behavioral1
Sample
Invoice_42365756.xlsm
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Invoice_42365756.xlsm
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
Target: Invoice_42365756.xlsm
Size: 331KB
MD5: b7cf2052ee1681f71c9eeea22d44e3e5
SHA1: 48e3aa45c9929926e31a0ef938da61345ea1b922
SHA256: df7e4b16f900d23eb532fbf32df859b7bb554ebf738efc81da09642d873e523a
SHA512: 8fb4e64544557b36be0de8bde0dbd03cde1411c1be3f5a4aa1724cbd961f4a0640d83d05afa768cb1dd2dc4f8d2cd6bdf65307d755e7e83f08d4f808fe168037
Score: 1/10
Malware Config
Signatures
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
EXCEL.EXE
Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor
Processes:
EXCEL.EXE
Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar
Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"
Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"
Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
Set value (int) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"
Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"
Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt
Key created \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote
Set value (str) \REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXE (pid 520)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
EXCEL.EXE (pid 520)
Suspicious use of SetWindowsHookEx 64 IoCs
Processes:
EXCEL.EXE (pid 520)
Processes
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Invoice_42365756.xlsm
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx