Overview

overview

8

Static

static

20da16a922...15.exe

windows7-x64

8

20da16a922...15.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-01-2023 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    20da16a922b52ed79f43c0cb21c3dffcb3acef58834d65017475909122024115.exe

  • Size

    317KB

  • MD5

    d1c2e5148bd6df8b150ae5178445c260

  • SHA1

    cb2b635766393cf564e8dfb3564d070477778620

  • SHA256

    20da16a922b52ed79f43c0cb21c3dffcb3acef58834d65017475909122024115

  • SHA512

    f9efeece8400f9ec1934566f774ed2fdf6a9641c8685ee10bd396ed0b600befaccf9b94131ec8327e7fc528d18cba9a7e109b8a93ff8768891f95a9e4c9e3add

  • SSDEEP

    3072:NVpRMSgIidZ7+7l4+9XflZ6NTh42li7Ln0aWhhw245p9ktIwFj9wXvaoKrGG1k6C:NV9EAaePQunlWhB4jJTeXS

Score
8/10
macromacro_on_action

Malware Config

Signatures

  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\20da16a922b52ed79f43c0cb21c3dffcb3acef58834d65017475909122024115.exe
    "C:\Users\Admin\AppData\Local\Temp\20da16a922b52ed79f43c0cb21c3dffcb3acef58834d65017475909122024115.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:4920
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4344

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp82A2.tmp
    Filesize

    221KB

    MD5

    5533f202e7d6ffd5a999bf5d8a6a5868

    SHA1

    bbb6df3c1b25812d384cad15888fff8cac8aa1b7

    SHA256

    e9edfacf260175c8082c6a2a18e474a45b827a016636c59f1b6505eb9906b0a1

    SHA512

    5b564b7fb8e3971bca2f3e6ce41532bcd0c9f2357b76b9959d3e1c8ab4854c90fc287af8e5d172bd58a371537bfd673a64ea91072ab31027d2294bcae53df07b

    Download Submit
  • memory/4344-134-0x00007FFE28930000-0x00007FFE28940000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4344-135-0x00007FFE28930000-0x00007FFE28940000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4344-136-0x00007FFE28930000-0x00007FFE28940000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4344-137-0x00007FFE28930000-0x00007FFE28940000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4344-138-0x00007FFE28930000-0x00007FFE28940000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4344-139-0x00007FFE26440000-0x00007FFE26450000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4344-140-0x00007FFE26440000-0x00007FFE26450000-memory.dmp
    Filesize

    64KB

    Download