3de231ae12af18a1b05efcf606e3065b33da588c38f8927a66c60af9a34a5d01

Analysis

max time kernel
0s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

REMITTANCE REQUEST LUANDA TIANJIN HIGHWAY V.159A.xls
Size

28KB
MD5

367815644858d7d5b0417c48f4b5f418
SHA1

2c74f08c73e6a7bc37640f234f5c636483d4b9ee
SHA256

3de231ae12af18a1b05efcf606e3065b33da588c38f8927a66c60af9a34a5d01
SHA512

10a415da264efe54e7298f1203df35bd09632b2c3e183ac635a7fab2f186e44d7437936b181eebb1c367843f86a926f3cedb9889a524cbed6417057ff4381354
SSDEEP

768:7lA6EFtZsxEtjPOtioVjDGUU1qfDlaGGx+cL2QniYn05RrZp:hwsxEtjPOtioVjDGUU1qfDlaGGx+cL2T

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3844	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\REMITTANCE REQUEST LUANDA TIANJIN HIGHWAY V.159A.xls"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3844
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:1900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3844-0-0x00007FFF96010000-0x00007FFF96020000-memory.dmp

Filesize
64KB

Download
memory/3844-1-0x00007FFF96010000-0x00007FFF96020000-memory.dmp

Filesize
64KB

Download
memory/3844-2-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-3-0x00007FFF96010000-0x00007FFF96020000-memory.dmp

Filesize
64KB

Download
memory/3844-7-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-10-0x00007FFF93F60000-0x00007FFF93F70000-memory.dmp

Filesize
64KB

Download
memory/3844-13-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-16-0x00007FFF93F60000-0x00007FFF93F70000-memory.dmp

Filesize
64KB

Download
memory/3844-18-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-20-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-21-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-23-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-22-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-19-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-17-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-15-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-14-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-12-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-11-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-9-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-8-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-6-0x00007FFF96010000-0x00007FFF96020000-memory.dmp

Filesize
64KB

Download
memory/3844-5-0x00007FFF96010000-0x00007FFF96020000-memory.dmp

Filesize
64KB

Download
memory/3844-4-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-36-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-37-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download
memory/3844-38-0x00007FFFD5F90000-0x00007FFFD6185000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads