Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-03-2024 14:05

General

  • Target

    İÇİŞLERİ MÜŞAVİRİ.xlsb

  • Size

    76KB

  • MD5

    750cdf7cd0f23280e56992ae8896cc8f

  • SHA1

    c065d16a1a2ee94f3877bb2342d7ac13cd312b14

  • SHA256

    5f65359cec8009a484bd59696ad62e99565faba19d52fae3776350d544d710c3

  • SHA512

    534c8a821f5cf24c34bd42d2d0ac1173c7ec454df876e8679ac1f95b06473c7a1ae21bf1ab671981270325e8ca8e0adcc8147f2ec0d5d864aa24eb1ff5ca57d2

  • SSDEEP

    1536:yF1QWz3NsQkL6RogIil/y0Jf6jk03mFa6Dc8TCG4niV1ut:G1QyNsilnyg02TDwlnpt

Score
8/10

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with 4.0 macros.

  • Deletes itself 1 IoCs
  • Drops startup file 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\İÇİŞLERİ MÜŞAVİRİ.xlsb"
    • Deletes itself
    • Drops startup file
    • Checks processor information in registry
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5D775E00

    Filesize

    79KB

    MD5

    6acb4b46565135885aa92cd36c3ea456

    SHA1

    644de97cc539dd6e9d470ae7da9783c159b62da8

    SHA256

    c3c24144cc4e4daae4427ba03476bc0726fd8b1162055ab64ea9b9a7b3ae126b

    SHA512

    7bebb01e10028d31a1b50553bbfc23c446b6c03fca8d1d5f5f5bcde4f4b482413ce229efe77f5f20d57c92ee8cbe8637e1a37a3066da2d44ab3a047540162826

  • memory/1716-20-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-75-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-2-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-4-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-5-0x00007FFDC1ED0000-0x00007FFDC1EE0000-memory.dmp

    Filesize

    64KB

  • memory/1716-6-0x00007FFDC1ED0000-0x00007FFDC1EE0000-memory.dmp

    Filesize

    64KB

  • memory/1716-19-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-8-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-9-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-10-0x00007FFDBF820000-0x00007FFDBF830000-memory.dmp

    Filesize

    64KB

  • memory/1716-11-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-12-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-13-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-14-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-16-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-15-0x00007FFDBF820000-0x00007FFDBF830000-memory.dmp

    Filesize

    64KB

  • memory/1716-17-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-33-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-7-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-3-0x00007FFDC1ED0000-0x00007FFDC1EE0000-memory.dmp

    Filesize

    64KB

  • memory/1716-18-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-42-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-43-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-44-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-45-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-1-0x00007FFDC1ED0000-0x00007FFDC1EE0000-memory.dmp

    Filesize

    64KB

  • memory/1716-64-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-65-0x000001398E980000-0x000001398ED80000-memory.dmp

    Filesize

    4.0MB

  • memory/1716-66-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-68-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-69-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-70-0x00007FFE01E50000-0x00007FFE02045000-memory.dmp

    Filesize

    2.0MB

  • memory/1716-73-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-74-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-0-0x00007FFDC1ED0000-0x00007FFDC1EE0000-memory.dmp

    Filesize

    64KB

  • memory/1716-76-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-77-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-78-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB

  • memory/1716-79-0x000001398E980000-0x000001398ED80000-memory.dmp

    Filesize

    4.0MB

  • memory/1716-80-0x00000139916B0000-0x0000013992680000-memory.dmp

    Filesize

    15.8MB