Overview

overview

10

Static

static

1

Nueva Orden.xla.xls

windows7-x64

10

Nueva Orden.xla.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    6s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2023 16:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nueva Orden.xla.xls

  • Size

    391KB

  • MD5

    20d7b7e70ea53065f8f5cbf5f2abde62

  • SHA1

    1574428c29f993ba3efa4dca4d7e493cd15bf605

  • SHA256

    3936c2bfa7b6ad5e67b8abd8228c633f77302f5f6883162ac8a0f5ae72a24702

  • SHA512

    021e165fbb621b8da8d3d2a2b9dea95910c37803dd865f0cb600a837fa1400249d393f7cf1fb2e97872e1eb1c54e157138206ce07c340c9dd375767da55bf41e

  • SSDEEP

    12288:UOergqKjij4a3DjM1+UT3A/6IGsIHOgEnVu:UOeDEezjs+UUSnHwn

Score
1/10

Malware Config

Signatures

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Nueva Orden.xla.xls"
    1⤵
      PID:2872
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -Embedding
      1⤵
        PID:3280
        • C:\Windows\splwow64.exe
          C:\Windows\splwow64.exe 12288
          2⤵
            PID:4016
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
          1⤵
            PID:3544

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
            Filesize

            471B

            MD5

            e5996b491e3ccd3f0e1f2c627169aada

            SHA1

            72387c9140a27c6c7f7cfc65451c9c5c51f09409

            SHA256

            5b31199eb78bebdda0e1690348774d465b07ae22c66ca6a54c91fdb61dba5061

            SHA512

            67653ef328039948c1fd244589127d3ad872ceb21dcf9c0e4e61a1b390338d68bb896a82e4b3a73f132dd6b1eb12f7f4ea594b7338f77eb10fa5a44ab96c0bd1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A
            Filesize

            412B

            MD5

            b14e3ddac8c168c2b3cda7b6675e56e0

            SHA1

            50d5e410627afa8efae4c45f1fb5ba969236949d

            SHA256

            ad38f61f7951e3f1961ed412b4dd7e1f9b753f648020c1b02826775386e68021

            SHA512

            28908927a57494cc7e70215d85e7d0ade69d63b64055720b32a63670b8c64d2e6f64c9a0f937c3c3bbc901e68f75d9b71b184abcf7d154ac52fa788bd9698753

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\253ED753-2430-454E-B509-AE3E46E38C8C
            Filesize

            158KB

            MD5

            37cc3dcd0714b030e2042d7bb11eb7f2

            SHA1

            0c02fd2e828645dae08453cca62d34d0902de472

            SHA256

            f214cb0d26924231c00bcfb13b6d695e004800cd35355cb18b62bd44b3ed0b00

            SHA512

            4957c14083e8af33318e91490df12857df9cad2c731a2344cc408858f6e7a12cca180f8c52772885667ed924081ad60b231a9b9b8870a0d00ce3a79eeab2489e

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres
            Filesize

            2KB

            MD5

            2fa3f431d5fc875b9ab62f51c7d225e9

            SHA1

            5965ab05523db457495ace7b8d8b73a7b9b8f70d

            SHA256

            b82a4c8a4882ed8bcaf4c3465f811e4c16532b58ee1720fd1c8927b409e0f881

            SHA512

            930de3f5d43c8ab5debfbe31053c1d1222d2f12c2611faebe06fbc4fe9aa2327d960cde171c88b8318b23abc5c5b5d40f5d98eacb4d0a118266c2be11cb0f09c

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
            Filesize

            2KB

            MD5

            8336b12eabcbd04f56917f9fa140ee75

            SHA1

            b5d72e053421c9d0b58abcd7787fe7ca6fe66cb5

            SHA256

            8d03f0d3e4f820e371b142e1e728a63176c05080e12cb5bfeaa7b4da6d5e4660

            SHA512

            616c1a93049f94e2f76e07ce558b4b44a5ddf1101dd3160c416edf5c93516d71c6ffedc77871be9fbedb04c824c521969b28b37e9722eb51e5830ddc438d12cd

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MJXP699G\newmicrosoftunderstandhowimportanttodeletehistorycookiecacheeverythingfromthepc[1].doc
            Filesize

            53KB

            MD5

            460857b142873aecf2a7fb03c03ad16c

            SHA1

            7dea4f943df7b874475531318592f3a7cee39119

            SHA256

            ec4035e087e6bfb7e4ed8de073512ff89c251a322b228ccf60dd96ff43c7f63a

            SHA512

            a4b4df83a88c7af7e25f5d94efb24c077112659fb91bd9eb53994eb55f506871d33c4efefc62b39b2abab42fd8074c30196d9761de028e968f5b8d992f235889

            Download Submit

          • memory/2872-18-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-71-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-12-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-11-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-14-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-15-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-16-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-4-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-19-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-20-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-22-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-23-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-21-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-17-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-3-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-2-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-1-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-0-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-110-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-111-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-112-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-114-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-115-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-113-0x00007FFD53870000-0x00007FFD53880000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-13-0x00007FFD51770000-0x00007FFD51780000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-5-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-9-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-8-0x00007FFD51770000-0x00007FFD51780000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2872-7-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-10-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/2872-6-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-38-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-50-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-30-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-36-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-42-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-43-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-40-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-72-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-29-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-44-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-45-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-34-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-126-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-125-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-124-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-122-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-32-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download

          • memory/3280-39-0x00007FFD937F0000-0x00007FFD939E5000-memory.dmp

            Filesize

            2.0MB

            Download