Overview

overview

5

Static

static

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�.xlsx

windows7-x64

1

邛崃市�...�.xlsx

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�.xlsx

windows7-x64

1

邛崃市�...�.xlsx

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�-.xls

windows7-x64

1

邛崃市�...�-.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�).xls

windows7-x64

1

邛崃市�...�).xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

5

邛崃市�...�.xlsx

windows7-x64

1

邛崃市�...�.xlsx

windows10-2004-x64

1

Analysis

  • max time kernel
    337s
  • max time network
    407s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    邛崃市固驿片区底商(正街133#附1#、建设街101#、金竹街)/外线/光缆信息表-.xls

  • Size

    21KB

  • MD5

    339ab1be2c9ae4f4e22429d8136bd512

  • SHA1

    b02ad2a0c25be9ebdca67ca0d8ad617901aa323c

  • SHA256

    382b00c83815012d6237b6ef5ea0dbf10ffedc67cead1c2b667bfc730d294715

  • SHA512

    606ec552b109fc3bba5da126f73bec54de600961657f19e0a5c7fc99876a6b4c038e75954929630ba7b25641355d2cfe630ce44884d13210025b993a7327b5b8

  • SSDEEP

    384:Ia+++zJet8kcSe8bv/1VMQPHCI06qq3vT2ujFkIfzS1PIShqbp4/gnX/KWX4/+o4:Ia+++zJet8kcSe8bv/1VMQPHCI06qq3t

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\邛崃市固驿片区底商(正街133#附1#、建设街101#、金竹街)\外线\光缆信息表-.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2636

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2636-132-0x00007FFCD83D0000-0x00007FFCD83E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2636-133-0x00007FFCD83D0000-0x00007FFCD83E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2636-134-0x00007FFCD83D0000-0x00007FFCD83E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2636-135-0x00007FFCD83D0000-0x00007FFCD83E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2636-136-0x00007FFCD83D0000-0x00007FFCD83E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2636-137-0x00007FFCD6260000-0x00007FFCD6270000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2636-138-0x00007FFCD6260000-0x00007FFCD6270000-memory.dmp

    Filesize

    64KB

    Download