Overview

overview

10

Static

static

8

3a2a493445...91.xls

windows7-x64

10

3a2a493445...91.xls

windows10-2004-x64

10

Analysis

  • max time kernel
    25s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 14:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3a2a493445f99b7dcaca0d0e7c0d9291.xls

  • Size

    35KB

  • MD5

    3a2a493445f99b7dcaca0d0e7c0d9291

  • SHA1

    1ff1f21f7dc4a01d9796687b405782e766c587bb

  • SHA256

    7866226257cf566903342b2bf987e8a3f0f6f9c0c7c5951b4feaf74e5821e042

  • SHA512

    cfbf54525e203e66c2bc51ac00c5c140226723bc93b6c85590208dc684e2542434de860895986d2879999fd7f59ef53aecd194b25ff190a4913d2e327a102ade

  • SSDEEP

    768:TPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJX2edkc5MkZEUF:Lok3hbdlylKsgqopeJBWhZFGkE+cL2Nq

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3a2a493445f99b7dcaca0d0e7c0d9291.xls"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2136
    • C:\Windows\explorer.exe
      explorer.exe C:\Users\Public\Documents\HKXUlsy7.vbs
      2⤵
      • Process spawned unexpected child process
      PID:4976
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
      PID:992
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\HKXUlsy7.vbs"
        2⤵
          PID:1912

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Public\Documents\HKXUlsy7.vbs
              Filesize

              606B

              MD5

              1854ac625fbe4881ab4174267048d082

              SHA1

              8722dc1b33941121107fce4f5c4e8564dd7d30db

              SHA256

              d6ee30dd5e034717740b16c7f5128674e5cf413e8057487e2c7d156a511892f9

              SHA512

              47aff508af3836cee6a6ecb190b3671a71cd40678b54f1f5e9212ac8c103948a64301c3a97aaeada11f08f5b6d7f4e438771e465b0bf26a604f3bf49782e50ed

              Download Submit

            • memory/2136-17-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-7-0x00007FFF21AD0000-0x00007FFF21AE0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-2-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-8-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-9-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-10-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-0-0x00007FFF21AD0000-0x00007FFF21AE0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-12-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-13-0x00007FFF1F250000-0x00007FFF1F260000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-16-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-4-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-15-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-5-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-19-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-14-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-11-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-18-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-6-0x00007FFF21AD0000-0x00007FFF21AE0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-1-0x00007FFF21AD0000-0x00007FFF21AE0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-20-0x00007FFF1F250000-0x00007FFF1F260000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-3-0x00007FFF21AD0000-0x00007FFF21AE0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2136-29-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-33-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download

            • memory/2136-34-0x00007FFF61A50000-0x00007FFF61C45000-memory.dmp

              Filesize

              2.0MB

              Download