3936c2bfa7b6ad5e67b8abd8228c633f77302f5f6883162ac8a0f5ae72a24702

Analysis

max time kernel
0s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2023 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nueva Orden.xls
Size

391KB
MD5

20d7b7e70ea53065f8f5cbf5f2abde62
SHA1

1574428c29f993ba3efa4dca4d7e493cd15bf605
SHA256

3936c2bfa7b6ad5e67b8abd8228c633f77302f5f6883162ac8a0f5ae72a24702
SHA512

021e165fbb621b8da8d3d2a2b9dea95910c37803dd865f0cb600a837fa1400249d393f7cf1fb2e97872e1eb1c54e157138206ce07c340c9dd375767da55bf41e
SSDEEP

12288:UOergqKjij4a3DjM1+UT3A/6IGsIHOgEnVu:UOeDEezjs+UUSnHwn

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2640	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Nueva Orden.xls"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -Embedding
1⤵
PID:3008
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\E8AE876B-CE2F-4BAA-817D-AE660675160B

Filesize
158KB

MD5
fec7096f55ed2d134c37e0e2c4690f23

SHA1
c05587709c3f62c976c3fefcde2d1b631fe6e03e

SHA256
68255b603f3fd91fc65b7285edef81e5679bb0f830d001aea256932863c41c16

SHA512
084536cb69c13fb4db3d0635be3f7991394c0bd98815f79c4cd720a07911c1e7b32c3835f6300891884c64fd1c1e964aed13a3ba36ca4625a324151f66362eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

Filesize
2KB

MD5
25994f05c9a6aa2c763e43c3c9c5aae0

SHA1
d2c8773c1e09299fa4b6d1965ce2e534ade7e878

SHA256
4c70de3a5f1f1083b8f9070c7836c81572e30a88b5dbd178711033598d58834e

SHA512
1c0768ebba09dd03b4f010c100987a67e7abe7f799eb974698f9a363748b5513b7543c13312da6bf45d99f506aa71dda0c4354fc5945e2577d316d0c18b82c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

Filesize
2KB

MD5
0bff3f97a0b2e2d1356862dfc76b9a93

SHA1
57db3359a326ff1fd65a955755a2977d164e7574

SHA256
ee84f79e85c004d946ea31579d6b89d4541290652fb9cecf308ca79c88ff7936

SHA512
c75fbdedc74e4f676c3e73713c1b785112f9ca43cc8df6571550604e6038ee0612dd11001b1b3066e3444d9e031c4727678ad497015617e84b540dd57c38fd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9M5T4KBF\newmicrosoftunderstandhowimportanttodeletehistorycookiecacheeverythingfromthepc[1].doc

Filesize
53KB

MD5
460857b142873aecf2a7fb03c03ad16c

SHA1
7dea4f943df7b874475531318592f3a7cee39119

SHA256
ec4035e087e6bfb7e4ed8de073512ff89c251a322b228ccf60dd96ff43c7f63a

SHA512
a4b4df83a88c7af7e25f5d94efb24c077112659fb91bd9eb53994eb55f506871d33c4efefc62b39b2abab42fd8074c30196d9761de028e968f5b8d992f235889

Download Submit
memory/2640-15-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-8-0x00007FFA94300000-0x00007FFA94310000-memory.dmp

Filesize
64KB

Download
memory/2640-20-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-124-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-23-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-21-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-19-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-17-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-4-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/2640-13-0x00007FFA94300000-0x00007FFA94310000-memory.dmp

Filesize
64KB

Download
memory/2640-12-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-11-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-9-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-16-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-7-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-5-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-3-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/2640-73-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-1-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/2640-6-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-10-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-0-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/2640-22-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-18-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/2640-2-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/2640-14-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-112-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/3008-45-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-46-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-41-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-39-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-40-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-28-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-38-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-36-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-31-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-27-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-37-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-74-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-115-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/3008-116-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-114-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/3008-113-0x00007FFA96910000-0x00007FFA96920000-memory.dmp

Filesize
64KB

Download
memory/3008-34-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download
memory/3008-32-0x00007FFAD6890000-0x00007FFAD6A85000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads