Overview

overview

10

Static

static

1

COTIZACION.xls

windows7-x64

10

COTIZACION.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    138s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2023, 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    COTIZACION.xls

  • Size

    1.4MB

  • MD5

    74c8f8643c29d8d19becd545eee7a48c

  • SHA1

    afaf8d9c8b504333a2824fcd18f1fbc87da6c48a

  • SHA256

    89b872366486882d0add3f52b59a244ccb38c30becf7c7fc238b2aa9a674ad93

  • SHA512

    c093add8ee59b709f05b71e5bd6cc3203c9d9748016c518e43783723294c93eb9ed1103696098e3ab2ab45bfeed5ad6563560a18d665193ac199b18923ae14c8

  • SSDEEP

    24576:lLQqSXdQp/XX46rg1HiB+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXXXXFfPShbZb+B:l0XdOwBEE6LaxgHrmi/9itk7Xu

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\COTIZACION.xls"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1464
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -Embedding
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:2116
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
      1⤵
        PID:2616

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
        Filesize

        471B

        MD5

        8075817f7423bdbad2235bd811729c8c

        SHA1

        9016b4d287fe437086281da850ddf008e1759191

        SHA256

        8ea8b9fd553d9ed609932332dc471cc67a4e493b6971a7b9d419fdb01c7034a1

        SHA512

        7871db006ea071f9a9013d3e81a0bc1d85931aa8f93f865ebb42a5148647bda94ab788059b8fa15e641ced235aa8887302cf340228218946cb58bade8fd1e8b8

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
        Filesize

        412B

        MD5

        5ac425dcaccea77da2bb21b4a1d1ba3f

        SHA1

        007b8aca30ef541ed666d83a335ea8c90a722c4b

        SHA256

        45020fbf38e43d8c9f3b5b1ca9b3c799c7b02c8a5438faab6d270895bf1d8923

        SHA512

        fcd779435b93286a5cdbd4f39d7169a68990af57694bee3668fb9d14aa0b3a496da48ed7993b548d20ced6bd2e38c9be62e267ef81054061865fe2a45ce883f7

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5221A023-DB71-4272-B1FC-3E22E5297398
        Filesize

        156KB

        MD5

        f13f35e6db8b4904c209f9ddc6d786ba

        SHA1

        c5175f37f867b35ec4a70a08a0bced8e29df6b64

        SHA256

        6fb9ad84c7bdb646f8c951a2c5bed55d73ac18a69c097f841200a7dc515cdc80

        SHA512

        70b86f65c9354afc658045244de37a700708d97b42b18b6a779c5d47b96b4fe069330f42eaf7ad3ab2e2da4f0204c78a6d0fc3215318daf8ed71e46deb0396e4

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HW3GGUK8\0000Oo0oOOOO0o0ooO0Oo0o0o000000000##############000000000000000000##############00000000000[1].doc
        Filesize

        28KB

        MD5

        d12d35567b65ba4cd1ff066e8a16d473

        SHA1

        83f375869fd5b28fa10c3eb4ab39b57c4688d7d9

        SHA256

        21878810dc75afe148d8e4fa167478bf33c0076fc2b029c8169848947142a4b9

        SHA512

        eeff6e93b8d679d125e44632dc799f942ca8f885d53c8ef349254bb0682f9e541901b5ba27145af8c0fe8be21eb9bbd3bfa98dff1cac8e9462fe65fafa83d3e6

        Download Submit

      • memory/1464-141-0x00007FFDBDED0000-0x00007FFDBDEE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1464-179-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-140-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-138-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-133-0x00007FFDBDED0000-0x00007FFDBDEE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1464-142-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-143-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-144-0x00007FFDBB820000-0x00007FFDBB830000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1464-145-0x00007FFDBB820000-0x00007FFDBB830000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1464-134-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-137-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-180-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1464-139-0x00007FFDBDED0000-0x00007FFDBDEE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1464-136-0x00007FFDBDED0000-0x00007FFDBDEE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1464-135-0x00007FFDBDED0000-0x00007FFDBDEE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1528-160-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-153-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-165-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-166-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-167-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-162-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-157-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-163-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-164-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-184-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-185-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-155-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-158-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/1528-188-0x00007FFDFDE50000-0x00007FFDFE045000-memory.dmp

        Filesize

        2.0MB

        Download