Analysis
-
max time kernel
168s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
29-01-2023 19:21
General
-
Target
46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2.xls
-
Size
36KB
-
MD5
b69c73c1931dc1e26cb0dd2ff17cf220
-
SHA1
3a28260960a7b9cebf5a9837124dda46f231ec46
-
SHA256
46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2
-
SHA512
687f03db06b7681219ce207deb2262656a7351d863f3347f372202186e0d2d26bda57b071bd4522335cedc44eff67b933fb99786891c1e860cd243b67c20ea21
-
SSDEEP
768:9PqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ+b50RwHQgcwrpYjJVG:1ok3hbdlylKsgqopeJBWhZFGkE+cL2NJ
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\46c072dfde46c0c18092c36f55c05e3a6059eb7e0ed8ee20f814589a7c34aad2.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeexplorer.exe C:\Users\Public\Documents\Xig7U.vbs2⤵
- Process spawned unexpected child process
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\Xig7U.vbs"2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Public\Documents\Xig7U.vbsFilesize
603B
MD5ea89296232596e447e9fd3105d903626
SHA1fd18d8f600f641ad4b5e99e246fbc652fb461407
SHA25654ce9223faaba80cfc93a27b67f49e136c69e589f67c919b70e28e372a200171
SHA512c2a1ca59eb56fcd0b0bbdf36b4b2360ff98703b93dbaed296df8fb09f276ccca37cc77e7781bb6510808c2277874d223b66665ed07b8905617dcd56ac12b4c26
-
memory/316-141-0x0000000000000000-mapping.dmp
-
memory/1076-132-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmpFilesize
64KB
-
memory/1076-133-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmpFilesize
64KB
-
memory/1076-134-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmpFilesize
64KB
-
memory/1076-135-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmpFilesize
64KB
-
memory/1076-136-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmpFilesize
64KB
-
memory/1076-137-0x00007FFDF8030000-0x00007FFDF8040000-memory.dmpFilesize
64KB
-
memory/1076-138-0x00007FFDF8030000-0x00007FFDF8040000-memory.dmpFilesize
64KB
-
memory/1828-139-0x0000000000000000-mapping.dmp