Analysis
-
max time kernel
142s
-
max time network
147s
-
platform
windows10-2004_x64
-
resource
win10v2004-20230703-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
05/08/2023, 11:23
Static task
static1
Behavioral task
behavioral1
Sample
6d641a102305c0a62467fdf0197ff548473edf090d07c0c3faa3f1f9ea10c760xls_JC.xls
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
6d641a102305c0a62467fdf0197ff548473edf090d07c0c3faa3f1f9ea10c760xls_JC.xls
Resource
win10v2004-20230703-en
General
-
Target
6d641a102305c0a62467fdf0197ff548473edf090d07c0c3faa3f1f9ea10c760xls_JC.xls
-
Size
1.7MB
-
MD5
d7ffa2f0230caaa0ef7834fdbfdc1467
-
SHA1
43c9a03ad4268e89fb22e57969ea912efcdbb1fa
-
SHA256
6d641a102305c0a62467fdf0197ff548473edf090d07c0c3faa3f1f9ea10c760
-
SHA512
e37d66848add3cd981c7eb523462ca76ccf938ed3594b1e70b906220f2a57bef7622ce975142645019db48e4da2c14983165a99dbb45a3c56912afb1f22e6486
-
SSDEEP
49152:0QmmQ30Tupp6VLQmmQ3085n6VkiNhv3tBUXDnHgk6EDS:0pmQkTamLpmQkomkMhKDl6
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener
1 IoCs
pid Process
4720 EXCEL.EXE
-
Suspicious use of FindShellTrayWindow
2 IoCs
pid Process
4720 EXCEL.EXE
4720 EXCEL.EXE
-
Suspicious use of SetWindowsHookEx
12 IoCs
pid Process
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
4720 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\6d641a102305c0a62467fdf0197ff548473edf090d07c0c3faa3f1f9ea10c760xls_JC.xls"
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4720
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
1.4MB
-
MD5
a01b9617553432807b9b58025b338d97
-
SHA1
439bdcc450408b9735b2428c2d53d2e6977fa58c
-
SHA256
7a0426ed2e2349916969ff7087c0f76089fb8ce7f4627f3d11ccbc1aaefcedce
-
SHA512
312cc2563fa865d6a939fea85a520627c73ed9a95bafc98c89495f21d535dc658825be74b64f0f5c5815d1d234fc6e77a71779247e4973e39ba8dccec2f09bee