Overview

overview

8

Static

static

8

fe47bb0f21...7b.xls

windows7-x64

1

fe47bb0f21...7b.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2022 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe47bb0f21830af43260f3534ae83fcd5539ad7c20cfbb02b5b8e264b23e9b7b.xls

  • Size

    35KB

  • MD5

    bd44b3ee2126057f881836cc5deb9bbb

  • SHA1

    901a11cff2d813564aa31e453ef0bc35985471c6

  • SHA256

    fe47bb0f21830af43260f3534ae83fcd5539ad7c20cfbb02b5b8e264b23e9b7b

  • SHA512

    bac1f3defe584166a2685f5cb26b647a4eef4229409a5fa3f1b7fae99437fbd978d0b0f0dda289fe834e9f2ffd562afb86bcccec6dc8962175ff110400d3d4ff

  • SSDEEP

    384:wHHvQyr2G5StkhTU/WREYJDj5r4uY68ufR8:wHHvt2B2mORrZ/2

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\fe47bb0f21830af43260f3534ae83fcd5539ad7c20cfbb02b5b8e264b23e9b7b.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4824

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4824-132-0x00007FFA31DD0000-0x00007FFA31DE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4824-133-0x00007FFA31DD0000-0x00007FFA31DE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4824-134-0x00007FFA31DD0000-0x00007FFA31DE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4824-135-0x00007FFA31DD0000-0x00007FFA31DE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4824-136-0x00007FFA31DD0000-0x00007FFA31DE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4824-137-0x00007FFA2FA60000-0x00007FFA2FA70000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4824-138-0x00007FFA2FA60000-0x00007FFA2FA70000-memory.dmp
    Filesize

    64KB

    Download