Overview

overview

5

Static

static

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�.xlsx

windows7-x64

1

邛崃市�...�.xlsx

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�.xlsx

windows7-x64

1

邛崃市�...�.xlsx

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�-.xls

windows7-x64

1

邛崃市�...�-.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...�).xls

windows7-x64

1

邛崃市�...�).xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

1

邛崃市�...��.xls

windows7-x64

1

邛崃市�...��.xls

windows10-2004-x64

5

邛崃市�...�.xlsx

windows7-x64

1

邛崃市�...�.xlsx

windows10-2004-x64

1

Analysis

  • max time kernel
    110s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 18:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    邛崃市固驿片区底商(正街133#附1#、建设街101#、金竹街)/外线/光缆接头信�.xls

  • Size

    15KB

  • MD5

    1bce5f63538ceefc9c616aa84a9d7dfa

  • SHA1

    fe66bdbb6fc2478c907146fecbe39977058c2b9b

  • SHA256

    41a16d224dabd2f60693a16329b0758e293e4dd14907daca579ad5016871af66

  • SHA512

    66260577f172de40953e06ec2e3e95b18ad8bee1fad8bb77ec35b6c8b49563cbee592743af5b2716fc5583c5685d3661c75707269f6f37b81eb14fa8d75a4480

  • SSDEEP

    384:w+++zvJS8bQ8cVe1tes/PkHspWqq3vT20lDeCx1YzhCYhqbp4/eWPmKWX4/azmYR:w+++zvJS8bQ8cVe1tes/PkHspWqq3vTc

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\邛崃市固驿片区底商(正街133#附1#、建设街101#、金竹街)\外线\光缆接头信�.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1240

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1240-54-0x000000002F051000-0x000000002F054000-memory.dmp

          Filesize

          12KB

          Download

        • memory/1240-55-0x0000000071431000-0x0000000071433000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1240-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1240-57-0x0000000075931000-0x0000000075933000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1240-58-0x000000007241D000-0x0000000072428000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1240-59-0x000000007241D000-0x0000000072428000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1240-60-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1240-61-0x000000007241D000-0x0000000072428000-memory.dmp

          Filesize

          44KB

          Download