Overview

overview

1

Static

static

1

UNI-45733-DS.xlam

windows7-x64

1

UNI-45733-DS.xlam

windows10-2004-x64

1

Resubmissions

19-02-2024 08:14

240219-j4zayabe35 1

19-02-2024 08:11

240219-j3cesabd96 1

Analysis

  • max time kernel
    100s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-02-2024 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    UNI-45733-DS.xlam

  • Size

    747KB

  • MD5

    4b78413e2375d89be0dc474d9322a134

  • SHA1

    345295e37534514d9bae65a093f098d193597623

  • SHA256

    ec2da4fdd20292035c85d26d0c6655cb7c59130ce7202ec2f866dd6540e1d475

  • SHA512

    f9a8ef784b25921f1663b9dc8cd1ee83716446d8a37432965b26340734b9e80cda28b5164a643f15ac5e8377ae82b0c4ae30028e31036c4d9b6219f7e6bddc0a

  • SSDEEP

    12288:4nnW8dLc4VI6tRTXBYNNJvVkHb8M92CCuhtYUJ2aINHExEiYNjGvWfXfHYa6E4aV:kBhrbBYbJvVk78o27uhuaUEx+lLfHGK

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\UNI-45733-DS.xlam"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2284

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2284-0-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-2-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-1-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-3-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-4-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-5-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-7-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-8-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-9-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-10-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-11-0x00007FF7D6E60000-0x00007FF7D6E70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-12-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-13-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-6-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-14-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-15-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-16-0x00007FF7D6E60000-0x00007FF7D6E70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-17-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-18-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-19-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-20-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-21-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-22-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-34-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-35-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-36-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-52-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-53-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-54-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-55-0x00007FF7D9450000-0x00007FF7D9460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2284-56-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-57-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2284-58-0x00007FF8193D0000-0x00007FF8195C5000-memory.dmp

    Filesize

    2.0MB

    Download