Analysis
-
max time kernel
0s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
31-12-2023 10:54
Behavioral task
behavioral1
Sample
3342624c6c8c4f5dab93bbb40aa8fda9.xlsm
Resource
win7-20231215-en
9 signatures
150 seconds
Behavioral task
behavioral2
Sample
3342624c6c8c4f5dab93bbb40aa8fda9.xlsm
Resource
win10v2004-20231222-en
2 signatures
150 seconds
General
-
Target
3342624c6c8c4f5dab93bbb40aa8fda9.xlsm
-
Size
212KB
-
MD5
3342624c6c8c4f5dab93bbb40aa8fda9
-
SHA1
21a01d739a80e45885206f083bb754228cc67c77
-
SHA256
369d214980b7c6a0964f4b2a411544f751185346ac63c95601395115015ba93c
-
SHA512
7ec3d73a3bb13fe64490602312398bd7b5e4f02bd59936fa0ff0a9fc910bb065a2d08a2db0b42da53a0cbc24de3e6808ccbc4d0bb570f6bb1fc529c208bc5a9c
-
SSDEEP
6144:1ogkLjLh/2ecFrwTsuyAq1zWSkjVjQb17EWFtD:KDLZudukACo+tXR
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process 3284 4760 MSHTA.exe 14 -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 4760 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3342624c6c8c4f5dab93bbb40aa8fda9.xlsm"1⤵
- Suspicious use of SetWindowsHookEx
PID:4760 -
C:\Windows\SYSTEM32\MSHTA.exeMSHTA C:\ProgramData\TFpBSRTQVONuBcB.sct2⤵
- Process spawned unexpected child process
PID:3284
-