Overview

overview

1

Static

static

proforma invoice.xlsx

windows7-x64

1

proforma invoice.xlsx

windows10-2004-x64

1

Resubmissions

20/09/2022, 13:35

220920-qvqqrsgfem 1

20/09/2022, 08:04

220920-jyaqdscda7 1

Analysis

  • max time kernel
    147s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2022, 08:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    proforma invoice.xlsx

  • Size

    6KB

  • MD5

    daa9f1bb0e81f1ffa7806295049ab333

  • SHA1

    eb3c8cd724b977c238c8f849ac7914ae7c41b005

  • SHA256

    a2046509a2a9b58e32c158d6636e52a5d8afc24c9f6b4cf9a50ef34098759796

  • SHA512

    f83dac838b32c191f3e29109fd6ce83800eedcce0e6c8b70846d7101783a9262c80a1394b756c9a2800bbb78d59aa472a374fbb337e954672e78ddb7b1688183

  • SSDEEP

    96:tmsELLZttdwlMhVVCvkwQEeGIRf3UNaN2ZU37dvDqCk3YuL9UbbeZGvVs+3yIK:MsEhtzwlOV8vdQjm83pLnWYuqn/le

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\proforma invoice.xlsx"
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1976

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1976-54-0x000000002F7D1000-0x000000002F7D4000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1976-55-0x0000000071A01000-0x0000000071A03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1976-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1976-57-0x00000000729ED000-0x00000000729F8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1976-58-0x00000000762B1000-0x00000000762B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1976-59-0x00000000729ED000-0x00000000729F8000-memory.dmp

    Filesize

    44KB

    Download