Overview

overview

10

Static

static

10

89e6e635c1...4c.xls

windows7-x64

10

89e6e635c1...4c.xls

windows10-2004-x64

10

Resubmissions

28-12-2022 03:41

221228-d8w4gscd5x 10

09-04-2020 14:52

200409-4eb6rljnsx 10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    28-12-2022 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c.xls

  • Size

    111KB

  • MD5

    c7f273947124d844d77b7c376a9393b4

  • SHA1

    3497bea7fbb12fa3d62fce071fdb22ca53bfbddb

  • SHA256

    89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c

  • SHA512

    b44a5e25276cb98cffa8a5d815d1802e817101cf028216761efb85f65610da2af1741f549fa7738985650dda8727bb7ccc1f36e5ac8baf2fc2ec004bf2c07b0d

  • SSDEEP

    3072:+0k3hbdlylKsgqopeJBWhZFGkE+cLax9M5QeSqA6JhzmuoVJEm9lKOXm:tk3hbdlylKsgqopeJBWhZFVE+Wax9MM9

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://samphaopet.com/wp-content/uploads/2020/02/idle/111111.png
xlm40.dropper

http://icietdemain.fr/contents/2020/02/idle/222222.png
xlm40.dropper

http://careers.sorint.it/idle/33333.png
xlm40.dropper

http://uniluisgpaez.edu.co/wp-content/uploads/2020/02/idle/444444.png

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\89e6e635c1101a6a89d3abbb427551fd9b0c1e9695d22fa44dd480bf6026c44c.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/872-54-0x000000002FB21000-0x000000002FB24000-memory.dmp

    Filesize

    12KB

    Download

  • memory/872-55-0x00000000716D1000-0x00000000716D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/872-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/872-57-0x00000000726BD000-0x00000000726C8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/872-58-0x00000000767C1000-0x00000000767C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/872-59-0x00000000726BD000-0x00000000726C8000-memory.dmp

    Filesize

    44KB

    Download