hxxp://assets[.]ilr[.]lu[//]energie/Documents/ILRLU-1685561960-984[.]xlsx

Resubmissions

05/03/2024, 06:50

240305-hmd31aha6s 1

Analysis

max time kernel
150s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://assets.ilr.lu//energie/Documents/ILRLU-1685561960-984.xlsx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = e0ae298dc96eda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "415783331"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0919d93c96eda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB21BF91-DABC-11EE-A5A1-E299A69EE862} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000c7241005241f61a28e355e890dac3d49c86649b98d1d7dc6d74fa4eba62f7b72000000000e80000000020000200000008ee71912e4ca742245227d2493eb7a4c205c253712058e3b8a430db00c3c266a9000000087b225464abee1fe88e9e050d53867113435a94104d328d8b46dc6db57ebe2ccbbac998b3b64d312f75d7e93724895f427033a92f8097986958d47a874071faa07f106c13b47c7694d4d2806b0ac0837cf4819d2a8428600d23f17b4e3e63bc7f2b454334e4db2448435536c996543ca823a8b831626c5ed4cbcc28ef609165752cdfdad3c518149e93ce30e315bba2b400000007517947a13e2ebbbbd08ede474deda97e2181cf096e1f777afa6ca877e583cbf4b61f94dadc3663d9d34cfc56ff0651bdbfe1bcc779817a5b7a3a8436c3a20bc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a96069000000000200000000001066000000010000200000004715c1998635821ba993e07f4b7c0e6f8877a7f44c09b2aae89165e08b03ed84000000000e8000000002000020000000f85504e674d788a2074112157ce8cb4281ee363d0c05c8fb84f10cf0d6282cc420000000f51e76e355ea088bd3b7fb9756f91bfd435ee2d7512f4940ba50d0e30d681a3e40000000f9d8f3c6d6f85b85231eb1e40151466b58b8026ac0374f705ca60bab801114b82a0023027b0129648c01755de49ff48cee9bf52e08d8f52f1a927580710ec720	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	EXCEL.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec\application	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shellex\IconHandler	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" %1"	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon\ = "\"%1\""	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\ = "[open(\"%1\")]"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\ = "[open(\"%1\")]"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command	EXCEL.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Documents\https:\assets.ilr.lu\energie\Documents\~$ILRLU-1685561960-984.xlsx	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
308	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2112	iexplore.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2112	iexplore.exe
2112	iexplore.exe
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
2748	IEXPLORE.EXE
308	EXCEL.EXE
308	EXCEL.EXE
308	EXCEL.EXE

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2748	2112	iexplore.exe	28
PID 2112 wrote to memory of 2748	2112	iexplore.exe	28
PID 2112 wrote to memory of 2748	2112	iexplore.exe	28
PID 2112 wrote to memory of 2748	2112	iexplore.exe	28
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30
PID 2112 wrote to memory of 308	2112	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://assets.ilr.lu//energie/Documents/ILRLU-1685561960-984.xlsx
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2112 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2748
- C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
  "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /h /dde
  2⤵
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d5d36d49f8069b10afb7aa3ac8d08700

SHA1
15a4e21d3f8fb17b02afb749aca930b6a29b4881

SHA256
d6b3feaa9b7e1d435f26be21e893f302c3941f0b52af9927d283e52628dbd124

SHA512
0cdcf5b871b8e209f3f167188121c21d448cf9a2d87557bcfc4e29b960fdbd68e2ca817dac0433d10e802d27b396a4000d1c9f633a262c57470b7b43117c0325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d9da74ec23b3e661b4599a143041623

SHA1
004362ea05cf3d86aed2ffda4345dc779c23ae00

SHA256
f654965bd4d0cd6e9e90c372c14d3ec4cbbb935c1498b5f0507b999d41a45786

SHA512
c83a7493067425bd6c6f75902f8ebb71afb701e5ed2f740f7e10f1ba27e29f94ed1c15be8b9feea3502dce940400435231dd1c1432dfa679160cf57badc01847

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b9ded71df9e27bb07a7f13564ca88324

SHA1
2dc919d3c915952342b7885187bcd0feae70cc24

SHA256
eb41290d0ecfc3195712af6254669d1d7afa3b68f74df067bf6b8121c019f391

SHA512
c5cad5e8d84bb3ae52bf92d65e55a3bd082bcc22adb3433812c048c139902264314eb12a5a75732602710bc5e8f44b36e8475165fa4b2b77a3fa1090c756ae44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8df655b6d2d5f6748b1868ee5ef885c1

SHA1
49751874270464f68f2690fb77382b81dec67965

SHA256
0747f70da4f21e3c1c3ebc3970cb4dd8c7740ce49a87b9c947bb435868009888

SHA512
0f7dbaa447b09d1047b289e7e82bd1ca7d3a7ba0baad37188d69372b023f1b3462cfd8cbf28160af56ad7752d8ed5d0210b0d92152ec6b5331354fbf81a710e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c91b002f8bd7922d72c6cacf2b25cb75

SHA1
17c8d754dfcb7ff308362a2e14ae95d4b925ae27

SHA256
bc7f88a7dc1f9a8a464d04a1ff5af572fc8bf1484740ac996dab1dcfe8b68837

SHA512
f362ea77bf6c21ba7c70e6d0e5001ffe71da0a1892df41f6bc8eed0f67e2a5eac23ccc2dda970771df76a6a2ee3a8a55bf7e216869bcd5a1ef82d90b1bed6a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d724288d1b2485ec77e46ae720fb381

SHA1
7892db558363068ae6fbef30c3073b9c0869d4d6

SHA256
8d864eeb0f502ee538b4595920ccb6e7542a7060ae5580e3c448b4f47d3972e5

SHA512
5e9f1a50c49770376ea44b608962e45110804a10766b3332142fa573bc3b7fef1aacd92f9c41afe6a60b5f35445fb0fe8ce65703ad55b7f38df1c630a6781e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13c519c7c36fcbd3fc798c45d7b07236

SHA1
ee9bf5076a92c2af01ebc8088304eb46e9b0e564

SHA256
4cddf2b74be14ac809ebb6e06c1267f7ee59f6592d6e6eead9935947347a40be

SHA512
ebe617bd740a4a02e4ba1c6822d148b93fe3c13249aed84cf34c61f7d6c91901fc70da2725f13535ec590a255bb3a2daa9f532f78b34337fc7867a8944dd99bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8014074c0697a0cd3042bd3e94d6a406

SHA1
591fd5619ff14fb5af49d657c0e81122ad33d9f5

SHA256
a3ef1be5804905637fac24e4da144c8d5f2f259aade162a68ac0629b8cca9e2c

SHA512
7f1357b64c413af3db3703681103c257a223db6e3a5978d5774055866862c2d52b4ea806c73cf4b9f977e57b0c40cc9d9bdb0b9b48c08365ba4d24698c05d20f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ee9b081dd7d108e384a6ccaebbbf1a5b

SHA1
8259c02727065cc1eb72db75c199b400192da43a

SHA256
e15b9ec7e6f8a95f823353b07b739695d587d0759d2255418c4b2403c8d6f11a

SHA512
32607d24f13584c6263d9be58be8bb9e1fe9f801aed2c2b1cf79d5508eeff4684214d627ecdec37378ff0ef122bfe7860fdb37d7cbc7ed78f3120c126bf52c32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3e87cb61353b61afc5e9cd17b4a29e5f

SHA1
db9cd48cb1634a57a3a5d2379691806c88c2905a

SHA256
e64e34ce6a841fff1e602bf4b00ab24496e9f57aedbb93be4eaa9ca7b9ea6af2

SHA512
7baeed168c4740b06bdfb12f391995b53d0e4276999e74cba8292a4c8222496c677be3388f0e18faf8e993561b8c58e9755a4b2e61263523a0fb5d0f85fa0180

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f6e2f78b44c937d070a5d3b323795b5

SHA1
ec396e1a69d066a9d1dcb803f7757c87972e45b8

SHA256
e16a7c21bf70ae6b582e38b9b2b4c1bb9b199baab35b6e0c262ae92fff3404f4

SHA512
a85610b189496e4477208224d11b430a144bf472129e5bfb4005adcd53f0d347c0f4c450a6ecb376f440f1c342405bd2a8ce915527266bba33721680c1c138b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0392b046a29766c1ac2dfd695199bbcc

SHA1
995eaadbb2956b562e487988ba2da9673b08c192

SHA256
2f03125005e1272ba1ca1618e412da7f2f098b7b171cf70449c707219a8bfc41

SHA512
dd29c66fd7fce92bd96f2e0f3f84e2040df335e45029b5dd576563963993c8a16473b245667550ac729708ef3f4a5f862a99e5b8d6118867213c4787025c1d87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b83e4241fa027a37aa27511a5422f4d

SHA1
6e77d591a0f57ac669c4146f39ef2c4807d1f93d

SHA256
2d75535789e90b1b8ca2fc2f28b1cf36e07ac355ac345536dcea4a7ee9a8370b

SHA512
55346843f2b2da5cb77e796fc87589efc5ff56a31f80540e1a3b4d6a842c0ee4550c7260cc19a616213f8443aa00701550579871c111f1774b1d455a6060356a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9464e72675f87c1d8fa437ad8db88c96

SHA1
bc5cfcf4a80c1fcd48cfa4b50ac67a5260d207d2

SHA256
c3360238db2a6d87e68485aebecb804411cd104dc9539cb2075208867fba6f28

SHA512
53f9a201ff94a48ebb9ee6b8bdf70f70aee7ee5545a5b69e53c8354d4b08b949b66cd2db69d08e2b60140d068b7acf6bb46212b5606ee1fa79ade3ffff0946f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
70dae91170cab04cd609b29f664d5851

SHA1
5c859dec333cfdcf42e1c9bdb156c4f91257dbab

SHA256
a1dc93eb5175f103fa3c57c27c50cf1c522a18f084d724a8b2014cf66f61aa2c

SHA512
11f57d1e9d75b30344cf32b2c4284b66e4abdaedd0d3cbef58eed5153055d9927adee33577dbcb1b8bb1c24f91659d619ab47fbfc899afeda58dbc6e47c2345d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a999974477a253a7d9724d838fea2658

SHA1
f6a7805d3eff6f57f801e27638472a0c619afa55

SHA256
cbd6042ae4a244db159b654b009e354539911d955edc6a5f3c9c712ce28e9b83

SHA512
b7a952a16b7b57406987e9dcce8b305f63f06b9420ebde9805ece66ec5129046b2c39a49fe138c5d3c75ec9fb39192f25738b13ddf6157151c0e88490403636b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b068d94fb5781780cc975d09a3428ba

SHA1
060be3978d836eab10cc65c7e5ccd2cafa2b7167

SHA256
da86d300e759a4d8b02db6fcb1dc1e8ed22d97d61aaa08acbbb65048ba933b59

SHA512
fcb2fc4aab289ddf82a9c5686372c1fab17463611d2b56efadb38088ad095f662cecd63fabc8ae3ea0f0e731a3401928d4561b896a25f14880b7a03c805cd97d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b009d27ae796eb399e97532164f6c5b

SHA1
b0c75d8c2acba6cdecccee1275691b11097c9cd2

SHA256
2d07dc3042eb38c26cfa347f9b6d89ffbf77d92d9d6d125222a4adec9c1417ae

SHA512
3073ecdb135c09702b86c8d9776e77fc0f93b717093720016dcaaefa5aca34a42f62946b2bf1316c49bcd06a35964e5082bfa5fa21ced6f893ceef2b1caccea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a52a28370ca73b8c394ac8c171cda1ef

SHA1
954a690f116758c4d017149149e769136803c442

SHA256
64ae9bc21b39be340ede053c1337375c94b6a0dfc7ac791dd63dd89252208f7c

SHA512
232eeae40c3fddf81febe65309b522288bdc183169cae966e75098679da587762f8be7497266d0141e8f3df71c55d9bc46c6a92c5cf2be9e4ebab1cce6b3f659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
43e7f0ae56e11d436adf5b666496c21b

SHA1
138a08256fe83cdc8385d0855e1d7e20e95ff6f7

SHA256
c86c129450e4245f3296646ae4d718d8ad72be5b0196f975c121805099546270

SHA512
de5e3c540cc0f829b1c31489e7ace23ba8e9a0f51deaa7f6bc9c093c3dcb1a860c3e1d612fe96deaf5cbe0b75f81c7e68d9327336a01f822cbcfbf3a1316d01d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c5822904e37354898e861f79d0a0adb

SHA1
2e286cc8df804e85a4644694126c0c03d34fdeef

SHA256
56a1c7e7dd7ceef89901706a55028a26de28c090faaef2ff9ee8107305e851f5

SHA512
2ef37e6baa9aa415b36492cc36923cc9c7ddbf7e6f64207dbde53df555fcf3e4860ff92ec9b91fd2eed4b114c952122eb91282c7ac31b8c0cd033d8b22c65526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

Filesize
128KB

MD5
87f15878ec84655c13cbd13ea2aa56d3

SHA1
a5292734ee4aec2ee712bc253b9120068c12b4fe

SHA256
b5d4b9a3f745fff4d200fa7d336fb3fdc373fa815ae19614a1783756939dc513

SHA512
fa62cadfe32ff77154b8884b2cc37ec209bd078772655252373fdcf81f6db42a6b5640c153f8b41b8078505018be7f2c1c13db64fc612efc4033bcd5c62f74b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{0EF34F80-E4EC-41BF-AAD3-D6CCE49D7222}.FSD

Filesize
128KB

MD5
ac9ab9dbcd5f358c1a69809084c61495

SHA1
b9a3b67401b9d810a30dcb4eeca422bb385f2e54

SHA256
c0f4747320d291ff12c0d27c7179938e8e76edd77f26b0fc802e7cb444edbca8

SHA512
d212aca8e6c1edcdb87842423fee115b8cfecec733fe6a06fac1d94682e8dd8f16796b7e80b143c3e24abd6e7b3b9dcd0d03f3ddae1ab9b4be831e53662dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1E861E1E.xlsx

Filesize
37KB

MD5
7cc7eb19279ecf334da3c26884c8cb09

SHA1
ef0452ab8ba41699686b4dba2f985c6153dd0616

SHA256
03816cd473cb6bb8f1fd28729bf2c7b6ae4301e682c2a3b27d696860cf8b4b30

SHA512
fe59d8e461cf381f4427f09835d62fd6049bf26e032422be905b93befdd2b93050e2c7580424c95e390f109ea65fec0ae97592cc8c06dd02c9a964a551a35676

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar15E8.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0DFA7D42-DD53-49DF-801F-6C78502F88E3}

Filesize
128KB

MD5
36f53192cf66cf1439cb862d74f74409

SHA1
b1baa307020d0796a2ee5d37aba9ae40a9c44673

SHA256
69311fe387daaf5841fb89bbf402d083c594cf33307d988e51b4aa9d96f9257b

SHA512
f379ac61d2622a0f49f4506db64eccad08992977110c123c8d4d133bac4a54409fd083f4823e97de70447dc16cd2f9d21afc7bd3aa27521ab69a9f5f11c49a6d

Download Submit
memory/308-1189-0x00000000702CD000-0x00000000702D8000-memory.dmp

Filesize
44KB

Download
memory/308-1082-0x00000000702CD000-0x00000000702D8000-memory.dmp

Filesize
44KB

Download
memory/308-1081-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads