9abfa0b3e5925e8289b0b89c2cd57fc994d943efd6cb90cfe228dfd900e42fd1

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a59e5c60d3d45240f864bcf209253a2.xlsm
Size

12KB
MD5

3a59e5c60d3d45240f864bcf209253a2
SHA1

430410e9a6161f76f79818b88e42f6d86c06aee3
SHA256

9abfa0b3e5925e8289b0b89c2cd57fc994d943efd6cb90cfe228dfd900e42fd1
SHA512

89e00c4d8fd6e23bcc77eae6a7d597a931a8ae2e2cbcd4d31f5caded8cd9bee2622908a65836e0c5928accf7ff980d2148511d1e4892329f0ca33a92879627c4
SSDEEP

192:HQ45HSxR82QxizT3W7+9XpS01+nIk+8hal1LNLT9sbRzvCXV840S9yG:H9HSxR82QITM8p9JEhKLTmbkxb

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	3984	4064	cmd.exe	14

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3a59e5c60d3d45240f864bcf209253a2.xlsm"
1⤵
PID:4064
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /K echo X5O!P%@AP[4\PZX54(P^^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
  2⤵
  - Process spawned unexpected child process
  PID:3984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4064-3-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-9-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-11-0x00007FFCFBEE0000-0x00007FFCFBEF0000-memory.dmp

Filesize
64KB

Download
memory/4064-14-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-16-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-19-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-22-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-23-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-21-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-20-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-18-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-17-0x00007FFCFBEE0000-0x00007FFCFBEF0000-memory.dmp

Filesize
64KB

Download
memory/4064-15-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-13-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-12-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-10-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-8-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-26-0x00000246AB150000-0x00000246AB950000-memory.dmp

Filesize
8.0MB

Download
memory/4064-7-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-27-0x00000246AB150000-0x00000246AB950000-memory.dmp

Filesize
8.0MB

Download
memory/4064-6-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-5-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-4-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-1-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-2-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-0-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-40-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-41-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-42-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-43-0x00000246AB150000-0x00000246AB950000-memory.dmp

Filesize
8.0MB

Download
memory/4064-44-0x00000246AB150000-0x00000246AB950000-memory.dmp

Filesize
8.0MB

Download
memory/4064-63-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-65-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-64-0x00007FFD3E050000-0x00007FFD3E245000-memory.dmp

Filesize
2.0MB

Download
memory/4064-62-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-61-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-60-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download
memory/4064-59-0x00007FFCFE0D0000-0x00007FFCFE0E0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads