Overview

overview

10

Static

static

8

f80475f3b1...a2.xls

windows7-x64

10

f80475f3b1...a2.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    69s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    31-07-2022 09:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f80475f3b147585f0759beddf6b202233d9c290d3be88a61342a4a710f7f7fa2.xls

  • Size

    721KB

  • MD5

    0f6482fe2d1da3b7bdaad90e3a452a05

  • SHA1

    c4ab820ae880756f72d9fb3f4d6204fdf71b24de

  • SHA256

    f80475f3b147585f0759beddf6b202233d9c290d3be88a61342a4a710f7f7fa2

  • SHA512

    d8bc01e2c8ecb65c6b01dd59f30c34e01f740afc9272e385946160212f48bacafeeb60104f45e000c0b768c592463b9c486dcc2f120a74565645601518f485b9

Score
10/10
ta505upx

Malware Config

Signatures

  • TA505

    Cybercrime group active since 2015, responsible for families like Dridex and Locky.

    ta505
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\f80475f3b147585f0759beddf6b202233d9c290d3be88a61342a4a710f7f7fa2.xls
    1⤵
    • Loads dropped DLL
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1972

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Roaming\libGTPK1.dll
    Filesize

    276KB

    MD5

    f53b9b085a2e3e2c4205498ddd7dad1c

    SHA1

    ad59e7ca04743276c5e9015ab33921917ad8cc55

    SHA256

    b8934160069b383aa871812d31aae502359991e90882e379737edf35e32eb35f

    SHA512

    8a49595d1bce93ecdf6742ed7c25315a9d7ec1434b61e1d0c7f86a09ddcc29a93737e5be74333a41090774a6811c6759268e67c5824cd8451b87612695d2ebc3

    Download Submit

  • memory/1972-54-0x000000002F331000-0x000000002F334000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1972-55-0x0000000071121000-0x0000000071123000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1972-57-0x000000007210D000-0x0000000072118000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1972-58-0x0000000075371000-0x0000000075373000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1972-60-0x0000000010000000-0x0000000010048000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1972-61-0x000000007210D000-0x0000000072118000-memory.dmp

    Filesize

    44KB

    Download