Overview

overview

8

Static

static

8

System Ass...e.xlsm

windows7-x64

1

System Ass...e.xlsm

windows10-2004-x64

1

Analysis

  • max time kernel
    10s
  • max time network
    5s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2023, 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    System Asset Inventory Template.xlsm

  • Size

    24KB

  • MD5

    2def881af15fe12ce65e16282c936e2c

  • SHA1

    1dce4a1702a4b94ef6258d838da8c3a48035d59e

  • SHA256

    00189bb1cd3ce502d1baa98a847c523ed26d5356a2ea42e6a7972dfb99d5e1a1

  • SHA512

    b6b6d0ceff26a2ea2d9500999d5274fd5e275e915ca6994149b35ab45c2c6ac2b70f3cebb4cf3954892d6aa85a373a23140aad3fb7907cea0a1e3693ea9b529e

  • SSDEEP

    384:TRMU232zYw7LPXIeN6yU7j6UlM9zQ93y+eMA6ljQvYnRdEWMcZIJ5mctLG:CU2GzYw7TkyU72xT+enAjFPZIztLG

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\System Asset Inventory Template.xlsm"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2492-54-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2492-55-0x000000007403D000-0x0000000074048000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2492-56-0x000000007403D000-0x0000000074048000-memory.dmp

    Filesize

    44KB

    Download