Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-02-2024 03:36

General

  • Target

    ad9620b98d697b603f0c3ec4e618e4d3.xlsm

  • Size

    237KB

  • MD5

    ad9620b98d697b603f0c3ec4e618e4d3

  • SHA1

    7f7c8a54cbac1207f6a936fd174fba71db8b4be1

  • SHA256

    a2c0961c68aa8ec95213014e570ae11abe0ee633670c676b43914bd3c4b8ce52

  • SHA512

    1c4f9f24d387441711a9ba3171b7b3a2a86758a6c875f88f381a307d1fd06d02d5e023914fec03667da59dd9887f096e06bcd4379417bc57a3d1b492f4257dd9

  • SSDEEP

    6144:S4NSLcq+YXEsJZ0cSd3ipzX7DdXrW9c/qT:bPYXEsnSp+pCQqT

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request 4 IoCs
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\ad9620b98d697b603f0c3ec4e618e4d3.xlsm
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Windows\SysWOW64\MSHTA.exe
      MSHTA C:\ProgramData\QGabxSwVNnZoHBs.sct
      • Process spawned unexpected child process
      • Blocklisted process makes network request
      PID:2652

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\ProgramData\QGabxSwVNnZoHBs.sct

    Filesize

    25KB

    MD5

    384d0746179cd1c43daf8efb619c65f0

    SHA1

    4a27be65a8dda50d8c136dd53be4e0136b9c0643

    SHA256

    b5fa57334d68bab89ff681e3f08216407b8b3744bb8f0b6fd160c056b588d805

    SHA512

    ad39bc3ebe8784b9ab725cf66f115e4456c0b64a603230e992afbb403682bcae866c056cce0587a88fbd9223f91650f808af418a5bf15cc9603d470be990b1f3

  • memory/848-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/848-1-0x0000000071E2D000-0x0000000071E38000-memory.dmp

    Filesize

    44KB

  • memory/848-8-0x0000000071E2D000-0x0000000071E38000-memory.dmp

    Filesize

    44KB

  • memory/848-11-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/848-18-0x0000000071E2D000-0x0000000071E38000-memory.dmp

    Filesize

    44KB