Payment_Advise.xlsx
General
Target: Payment_Advise.xlsx
Filesize: 360KB
Completed: 22-10-2021 18:23
Score: 1/10
MD5: 34f843f6f1b3011a7cdb63753853ef58
SHA1: 922ebd64f7ffe9d8548d467b631f6bdf2ede6106
SHA256: fbdb8f368721ccfea456f2e6f232304acff371bdb62a5140b9fc44bd224e0d57
Malware Config
Signatures 2
Suspicious behavior: AddClipboardFormatListener (EXCEL.EXE)
Reported IOCs
pid   process
4032  EXCEL.EXE
Suspicious use of SetWindowsHookEx (EXCEL.EXE)
Reported IOCs
pid   process
4032  EXCEL.EXE
4032  EXCEL.EXE
4032  EXCEL.EXE
4032  EXCEL.EXE
Processes 1
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Payment_Advise.xlsx"
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Downloads