Overview

overview

10

Static

static

3432.xlsx

windows7_x64

10

3432.xlsx

windows10-2004_x64

10

decrypted.xlsx

windows7_x64

10

decrypted.xlsx

windows10-2004_x64

6

Analysis

  • max time kernel
    115s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    12-07-2022 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3432.xlsx

  • Size

    133KB

  • MD5

    53ca1cb055fc378db64fb5da2be2dffe

  • SHA1

    660385a656c78e079c9c5969c6cb8a490d2271df

  • SHA256

    dccbc6302f527a55848059cfbd9345e9697dfd9ce1a010b620c12a56db76e062

  • SHA512

    66442c4f67edc443143298418ac87a635dfd1a5613e2cc48fc3a5d449b2124a1ed9a5d4d75df723fe5ae239f2d49f3a517612268ab864a8eefd9995902a03a86

Score
10/10
googlephishing

Malware Config

Signatures

  • Detected google phishing page
    phishinggoogle
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\3432.xlsx
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1396
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://accounts.google.com/v3/signin/identifier?dsh=S1829085353%3A1657636588782748&continue=https%3A%2F%2Fsites.google.com%2Fview%2Fdouments%2Fexcel-online&followup=https%3A%2F%2Fsites.google.com%2Fview%2Fdouments%2Fexcel-online&osid=1&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&ifkv=AX3vH3-YgG7Tzpap7-ebN75O272FpJFfA2a6EOFdn1xdDpCJV55zYOo_Z5EWWBjL49ssXV108mktrQ
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:308
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:308 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1956

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    e4bf91bddcb594ce03b19a0766b7e082

    SHA1

    883aa813de71f04406b7fdf24ad0ee3b76585745

    SHA256

    2fa63b331a7664f45a8cffd1b8aa8cfd1b66cfdea8a59f17806b52159ff678d9

    SHA512

    6a0d03940be8be33df3520703d2509e0f1dcaee8e4548c9a00e1b88c1fc8e448ec1825f610214e43566b5b54620bfab5a6749cd0f24ee5c1002352537a435bbf

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_D286E324D13B58F35DA77B01A840D7C0
    Filesize

    472B

    MD5

    b4447af54ff22e7bf5dc6db8992b8eb4

    SHA1

    81688ab45d876c3aa458b5167f9da115c1ac4614

    SHA256

    034c27e0d12b889b7a4578424eac67a0a390af43ae453d2e89586a344892cd48

    SHA512

    07e3f89e46e0b287b4dae5dd27e0cab5fae7eabbcbb1113f0670512298e7dca01b7044062ed380ad7e9e30f1c03212da852433e75e532330ba6b785d1239b119

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    5a11c6099b9e5808dfb08c5c9570c92f

    SHA1

    e5dc219641146d1839557973f348037fa589fd18

    SHA256

    91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

    SHA512

    c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    7ed88d2b1c5773d7324b777dc77523ce

    SHA1

    1b385cbcab34b17217961aaef37609655bf326a8

    SHA256

    f1e284bd958dd8b9a4cf2620e7b22dc98decec6d0d5004e3d884722a7b29b9df

    SHA512

    e45d05818f5b9860d528b231ff987e4a7f02c50da7760613858b8952428acedacdb938e16ce9d112a8be668cbde6079821ec642ff613575d8f8a6b9022782687

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_D286E324D13B58F35DA77B01A840D7C0
    Filesize

    406B

    MD5

    4bcb4e6372a8f03e2745834de2a4fddf

    SHA1

    6f76a6e994bf2d7e2b01c0c4742e9e3fb4fe3c45

    SHA256

    0cd49b49fb24b554098e625c90a3f7f0d03fadb679850d8062f2e27c52a3766f

    SHA512

    82ecbbf6e53d8732aa5ad2d74dac29bf6cdad6f1cb3ab60b21f83d44b6d3c187aae3c2749fbce028f4b5d718b7eebe727fb59bd6f11293dd5ac4fbec741796e4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    01b33886696d97ae228fd4696331c552

    SHA1

    bbb7a6397a92ba8ccaf3cab3b7f2d49779d8300a

    SHA256

    d4a9d34542c5de621450cd9d2f2dc32b3f24b99931896131de014655e87c5274

    SHA512

    7ce11e25211ca15f702d83b005619a4f0975038066fae0fec9c2e96a18f18893496318343f4c821e3595fd6f288ea9781cc72d41ab48fa22e752347cae01b01e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    21976786b06546994621b607b7c3969e

    SHA1

    8a3ec8929c663c86ca691eb523828460b043d18d

    SHA256

    64f772a2dd7258b82372a744c24679bc5604358ba3a255d5ecd34d64b1cfb70f

    SHA512

    8aade59c861f8a690f15af714502c32fdf3bc2f7c64928411f379998342d7ec365c5d3a5c364b5afad442a9b6e95a11738cf262ea97c8d001b025f14cb012389

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize

    9KB

    MD5

    9a3d81e05a25679842c08d166c258e69

    SHA1

    594d405db28336c61eabdb334ed7760080305111

    SHA256

    1a834f895353e69255bbf5f28af28da2d68d149f7ed3576518755e0bd7c7ff7e

    SHA512

    de0da80bbe953e9883575233d4ee782aea7378621722b9101420e602365cd184c951f9831e8f403d11282b09230c3d0246d2c308947cac95fea3ccf5114ae899

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0SPZ0X1D.txt
    Filesize

    605B

    MD5

    fa32dd756aa44862b7c8439f18ac79d9

    SHA1

    f7d3a41d93ccdcb9b2b0bd42ddc3edb9c03681e1

    SHA256

    24a586b9f0d744f668bdc42ab179710882cf2aa169aeb69bfd57e647dc30ba7f

    SHA512

    c8e60ceba170479787bc436137929c3a864dcdf0151a2e95486f39b9816ea7519b6c6be9ccac1340860c48ddf8987bad732ac990ece60133de805672ed673c5a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MU8R9XJ9.txt
    Filesize

    238B

    MD5

    3792d8b372cf77c3d40d39cdcbb13d4d

    SHA1

    90e4a8ce71750e7de42d8b1915bd6e2227e131a7

    SHA256

    207c95a5748e31f7cc249246cc7c32699ed1c14b6281ce530c0dba632a977960

    SHA512

    e0d458de842da7cdfa48ea7a81acc57b39e534ab4093c3f6ae644d5f184ef11837fcbcfcf9c80116f6dc0ca718eb42ba3e32f358d2a1b28be2bbfd66187c028f

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U8LEX6ET.txt
    Filesize

    130B

    MD5

    fe50e74acc3c43db1a0476af722e6ac7

    SHA1

    4689951f83e9201a3c8107d9ab6327ca5ffab542

    SHA256

    922bed7ef10bdaaf8f47f2522610a8209c48bb01d507f17407d64b29de81cf0f

    SHA512

    841ee9754e4864edac2b959345c5be459ee4ea3f655dab88c882f295da47f7385c8e2274bae37456f73e60e9cf58aa63ef829b9d02346ac11b51da59dedbf254

    Download Submit
  • memory/1396-59-0x0000000071F3D000-0x0000000071F48000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1396-58-0x0000000071F3D000-0x0000000071F48000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1396-57-0x0000000075C71000-0x0000000075C73000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1396-56-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1396-55-0x0000000070F51000-0x0000000070F53000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1396-54-0x000000002FA01000-0x000000002FA04000-memory.dmp
    Filesize

    12KB

    Download