Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-02-2024 14:28

General

  • Target

    ac1b8577a721e73837052d5593c90f12.xlsm

  • Size

    328KB

  • MD5

    ac1b8577a721e73837052d5593c90f12

  • SHA1

    035a9336fc6a6436d38e68b781d953f1ab8b41f1

  • SHA256

    c4bca83a64ee93e07d2e4dba612043123ae8760aad3878ead07762b1dd978d40

  • SHA512

    2937eb315f1a729f38570108f9e039dc18dce937e6857b028821170423c5262bd43f150de14f7a9904b6eb33ee529fd4e56173303b20f2e3e998458f0e5f0c27

  • SSDEEP

    6144:Q59HMInvpPbR/5L4YvQ6bgcsEEmi+efMi0oG2wzmtQH4kCUP1dB:Q59tRbtp4Wl8cnEQeNGHzm+d/B

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\ac1b8577a721e73837052d5593c90f12.xlsm
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\mshta.exe
      mshta C:\ProgramData\UiFvWAOVUWShU.sct
      2⤵
      • Process spawned unexpected child process
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\UiFvWAOVUWShU.sct

    Filesize

    15KB

    MD5

    04d0cd1fd3a3937aa3dfabafc97299e9

    SHA1

    375358fd0f1915791b305b86d0f71a5c58d130a9

    SHA256

    828df944cbf1dd7475816027c0cee83009e03e8fa8e436487383da9115d7a4b7

    SHA512

    eb2170972a3651ff67f449d142592acf10348c8516982482b5b80fb6f8020bcf3210a3aba5adc02b170dc6f2e0630600e9dcd922fb6415b8401f17aabddb0bac

  • memory/2188-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2188-1-0x000000007224D000-0x0000000072258000-memory.dmp

    Filesize

    44KB

  • memory/2188-8-0x000000007224D000-0x0000000072258000-memory.dmp

    Filesize

    44KB

  • memory/2188-11-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2188-14-0x000000007224D000-0x0000000072258000-memory.dmp

    Filesize

    44KB