69dd9b9ec851fdbb69316848b8be370a66ff208fb579aab28c1f8876da45bd6a

Analysis

max time kernel
118s
max time network
154s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
24/11/2023, 09:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FI-IMB-94073-C-00EX_10-Avenue-Hoche_Thiais_v.5.1d_INCOMPLET.xlsm
Size

3.9MB
MD5

91ba9e398b529c0a8eac944b35234344
SHA1

54fefd94b0d8bdad50d14a2e4750da9680b37e0e
SHA256

69dd9b9ec851fdbb69316848b8be370a66ff208fb579aab28c1f8876da45bd6a
SHA512

e108383f0d9961009ff7ee5b82c9405957e5a59693cdd472dd49f67f2ef2418fb679e99969711b37db65f5cb1fdc85e88ea36d0542c222baf48a453a200d2b3f
SSDEEP

98304:qUia6KZ15XOqf6PPHdy7jyb7eGwMKSOHptL2/XoyPlzDzgl0azYJs:qq6WTeq639y72b7eHMKS62Kl0azYu

Score

1^/10

Malware Config

Signatures

Office loads VBA resources, possible macro or embedded object present

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B9CBC21-8AAE-11EE-95DB-C2FF944EDF5F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "406981117"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLCheckbox"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}\ = "MdcComboEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{47FF8FE4-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\TypeLib\{D0CE24D0-FD5F-4440-8466-D1D58562512C}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents4"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}\ = "IMultiPage"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}\ = "IReturnInteger"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{82B02372-B5BC-11CF-810F-00A0C9030074}\ = "IReturnString"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents7"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}\ = "IReturnSingle"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}\ = "Tabs"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLHidden"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}\ = "MdcCheckBoxEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents1"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D0CE24D0-FD5F-4440-8466-D1D58562512C}\2.0\0	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}\ = "Font"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents10"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{04598FC8-866C-11CF-AB7C-00AA00C08FCF}\ = "_UserForm"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}\ = "ICommandButton"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents3"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}\ = "IReturnEffect"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}\ = "ScrollbarEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}\ = "IOptionFrame"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}\ = "WHTMLControlEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}\ = "MultiPageEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{5512D11B-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLText"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}\ = "ISpinbutton"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\TypeLib\{D0CE24D0-FD5F-4440-8466-D1D58562512C}\2.0\0\win32	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}\ = "FormEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\TypeLib\{D0CE24D0-FD5F-4440-8466-D1D58562512C}\2.0\HELPDIR	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}\ = "IScrollbar"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2084844033-2744876406-2053742436-1000_CLASSES\Wow6432Node\Interface\{82B02370-B5BC-11CF-810F-00A0C9030074}\ = "IReturnInteger"	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2204	EXCEL.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1208	iexplore.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2204	EXCEL.EXE
2204	EXCEL.EXE
2204	EXCEL.EXE
2204	EXCEL.EXE
2204	EXCEL.EXE
1208	iexplore.exe
1208	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2716	2204	EXCEL.EXE	28
PID 2204 wrote to memory of 2716	2204	EXCEL.EXE	28
PID 2204 wrote to memory of 2716	2204	EXCEL.EXE	28
PID 2204 wrote to memory of 2716	2204	EXCEL.EXE	28
PID 1208 wrote to memory of 1740	1208	iexplore.exe	31
PID 1208 wrote to memory of 1740	1208	iexplore.exe	31
PID 1208 wrote to memory of 1740	1208	iexplore.exe	31
PID 1208 wrote to memory of 1740	1208	iexplore.exe	31

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\FI-IMB-94073-C-00EX_10-Avenue-Hoche_Thiais_v.5.1d_INCOMPLET.xlsm
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2716

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
935f1fecf0b2e6dab0812dbd246552f0

SHA1
f19e1e6631d6193b48dbbb4c9457ea73a07cb91a

SHA256
c5f082cc8538811f33e59f86604e2e7e3d4c4dcb9ba1044793141c681dd65bea

SHA512
a39118e8d6261b42bf5dceb2ee5cc8d5a975348cad1eb655df719f667822116c31f72d81b4abb34abdaeb8227218148ab29a66dc41ceb18d6696df61fc570323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
41494c6a7f4e039a9f3af63756e06ea7

SHA1
569d505bfba059b3dbe7328aa80f2bc295c8cfa3

SHA256
54bda603278c330d0bf0313b6c543de3f7a4835d8c58b3a0a08acf3d8de2c17b

SHA512
92b4de00b0e133c5720c6a0a589a0cb419885f09c08b4302d59739996a738136bffc06c0fd219503b0c6a797fb0519ce44d8428121b4268eb7fd70762d57b9fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f45dc8ee6d579f0ccaa449778faa95b

SHA1
5d952cc79eb040f48cedd43977f37a2a4b853f07

SHA256
d69b1fba3b293574845dec702c75008fab3a380b327fd8608f521d272059b078

SHA512
79485c2a168f1bc0055a48fcf3adff50ecf9641831e251747c182020fe7ca023c7e2bcf6a7a5b9d3de06cf52e70c20a104305c735fc42db972be913140e11687

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d14e6f0a57dcd32c214686391bbc9395

SHA1
5916617192ece3e0af1671293e88ce7de6f7f875

SHA256
dae8fe2b691d756245fd3a7180427519cd985e2ce6f5171a797aab8ee71421b4

SHA512
25a40ed198c5a514a211cf18115fd3dbbdefe5df01b70e313efebfc9e3b08608e7713fc051da25cf21e485e2a46755a183289ad35c183485e174f180d1057aef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0f1f0d2103c2b30d4062e44566398d53

SHA1
8ef128e3e1661abcb8ef87858332ae67735895e4

SHA256
903ae302657c50ee56b158a21e539d7810b097f4c501ecd1b2b1b695f041f2ca

SHA512
3b6c5689654680607e312493e47fc0811c2854c2a9870f61840b7e4f125d85a6e1a7327407f811457fd4602488ad438f18590db112e653721f17cebe24810f5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f367aec6de593affeec39aa08f318cca

SHA1
3c99d23851bce5c653a7fbe8e42d988b0b73b0b5

SHA256
d68b3bda16dda7e51bff74b0a65ff03cfb18abf813982251ac76b86f0d9efe60

SHA512
53bb73e1fdb555770d29188384edddc04ffd67a0d803616c472eceb5999a80e062b6a3fb060055998c45913dab103117a9292961bc4e7a4c1047f879ca6af3d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52efcd5b7ccc2825e65c235a081e8620

SHA1
d689ffca578c6052ea653552621c866d1cdf10c6

SHA256
632609cf159c22ad7635128d9a100974fd4d9eafdf09361cb899a2306e3f3714

SHA512
8a862c0f206fafe2848a981dd4877f9a126bd5a15de34625ae854f7b56b1306dc9f6d7333ec11fc45865de69ea6539f90f62b52a87f78e9d77c7b21fc513c45a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
53c86afbb5879b2b667d6bc08b0e861b

SHA1
c9a17ff955b74b7681a8209934cb3ac3728f8fc6

SHA256
57025ee2204adc7ccab34962c601e901059bbee34e35980bc5b73899aee588b1

SHA512
c61d0cf66cfff055c4f028fea3807ead067d31cd850386230b9d7b99023bbeedb5c5cb6f0c433ed0ea0d83158f7b9088e35f868d68b175a33170f7c734a921ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b9af1d16e0a654dc454f106bc9bd3c3

SHA1
835b42e52b3fe67203a844b0fabe66c840b5c9a6

SHA256
ff3b925d87934aa478e80acba500bae7fe91f9b8982547d7d3873a01709a7d8a

SHA512
14376cf1b24d17dee0bb1d7cf002d588e3706b7b8e43146d84f9540f14b5541ee98d6e9966cdd6141f49ec89c1de30c9c5893ab6e769af33ef1b0bb7d8f59a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2dda0d29f771a30bcf0620649862ec0f

SHA1
b1da931bb5551ece6d05dfbe340f58d9a36b2aab

SHA256
09c9c5205c9995de6bb302b62e54dc309196e49b115cccb4abfdbc4f9ea5b7ff

SHA512
03da7627ff959bfda33f86aa8e4ce5ebcefac6c2077c587298e05408c373b5a3c0317a0f1667e17fb5ee4b3c77b1ebf73dfd54b71c1e49bc6036458fbf0d932e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2397d86ae675ee781e5aff8dcb25e106

SHA1
ad0c859f6649b59e09c10f77b3a62f8031491ddc

SHA256
059bbe998baec61568c57b1d2a17b7e18c1832f22569fbc16b9a9355a1f2796d

SHA512
07560a74910f94228e2b0ad6f74deee12c679640fa850f27f82497033f16540baf19262b12bf29191eee2c4517c862964df9c8b0096c58fada8be7bc43360855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d41e38de92035b1ea40a29d39e9ece44

SHA1
a57769daca8e2e8d1b24fcc43514fa1b1002817c

SHA256
d990f474d4bab4e47529703bfcb54894a45eb1beba4a884ebe0b24a19cef21ee

SHA512
29fcb72ad97c67e0f8782cf38d6a7d9297a28dd8d64fe096ed1d4448e4cd866fd6c032f5fc77aa0b431967a757cf5ed0ea032c516fd6f53ce6a500914f77feea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cf9a7f8c4f4924d5fe3c8b6d446f35a5

SHA1
19386b3d9c3155e528bd42e63ddbac81ac6b4f4d

SHA256
55431d85c1fb6992a714c4830c5dcda0206a0dbc458face0cac7e7a5b0c642c7

SHA512
618f46dc75b56cd4df92dff50d2624055b272475e6f0e7fbdb73e183485b288b39ca67a090c82049fa0851e6199ea85c3fa5e676644aacf09919dc40bcd138e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9def7918f99af1935c7561722fa593ee

SHA1
617ec5a8a526dd34f3a45799735e36fda381d609

SHA256
0b954ed1a344918dee8e028e9ea7e47c88699f7310df523f2ae09f4d8c1d54ff

SHA512
bd24915fb37bca5710cfeb057aae515ac45ee5d78a0bc72ffe605ae722e1c75bcfa78f5def11a2f51d66f4ffcfcdf9d664eee3ddbf391c4e4d305bb93d4ab7b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e6b40f5f499452321df752d5b10119f

SHA1
8517571dbe783a05cc9275d3ec8e91487c0f8767

SHA256
f90b59350ebdbd56c7682ca1a4c26569bc5ec799a82693a75123a3ff5c924fed

SHA512
3171639c1c9ee0891b2fcdb1204dcb0c154a519e28424b6c46c670fdcd352c6855ef4e2b9b5cd7f4f56e717635f6246cb785bb7ee6fcbfe436dbc235cc001b9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2c74de59f26a260b21594bab20703761

SHA1
cbcd0ac564b32e28d0965a6d9869ac9e3306070a

SHA256
e9b316c0caf3c836c1abc1b413be4eaf30e2da6c1ba521f5c8c5f37d079a90f4

SHA512
c51176a73986487ebb5a7beebfb614583a504ab4c3204ae74d2a8f32cc4b7e7cfbf41a7195a42a3492a79b1168150aa091aede29d529bbacf82824b69f002b75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
648fe69b31f224db05a83d312b2c9402

SHA1
a70ff4ddf8d691ea84811177be60bd6821ae0924

SHA256
23d3827afb7a421f0901306fe8116ce52460f452c5cb1a6ad737954735914f62

SHA512
4c7c484230aa32336a199502ae22db01c58cca489afc5d98cb55461d153e92d14e34a11291deeaa567949b6478f07f82611d030c94bfc785437433522e23fa31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
64d94d46c8c6db8a1e1b55b194c70021

SHA1
03731b2d1903e24a23f0549f6077bb71648d9447

SHA256
0b20a2c403e4d523a838dc66685132847ad3b77242ac39dccc37a97ea7e563ec

SHA512
e2288c4f40d4c0376419a396e7bd39747b2fe74627857bf430be25754f7fa1b84d2b31934648362606067b9872040a093c674816c137537beeedcc2e7b3a26ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAB7E.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAC2F.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/2204-708-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1179-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-706-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-731-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-733-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-748-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-750-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-770-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-772-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-800-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-803-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-805-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-807-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-859-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-861-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-879-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-881-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-931-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-933-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-982-0x00000000004D0000-0x00000000005D0000-memory.dmp

Filesize
1024KB

Download
memory/2204-984-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-986-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-987-0x00000000004D0000-0x00000000005D0000-memory.dmp

Filesize
1024KB

Download
memory/2204-989-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-991-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1076-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1078-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1135-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1137-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1170-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1171-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1173-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1175-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2204-1180-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-680-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-678-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-656-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-654-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-652-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-630-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-628-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-566-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-545-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1555-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1564-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1611-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1612-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1613-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1614-0x00000000004D0000-0x00000000005D0000-memory.dmp

Filesize
1024KB

Download
memory/2204-1615-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1616-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1617-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1618-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-1619-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-528-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-500-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-498-0x000000007228D000-0x0000000072298000-memory.dmp

Filesize
44KB

Download
memory/2204-445-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-425-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-422-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-358-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-326-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-298-0x0000000006AD0000-0x0000000006ED0000-memory.dmp

Filesize
4.0MB

Download
memory/2204-9-0x00000000085E0000-0x00000000086E0000-memory.dmp

Filesize
1024KB

Download
memory/2204-1-0x000000007228D000-0x0000000072298000-memory.dmp

Filesize
44KB

Download