7fbeb474f98198020a1190b79ad14dae98cf76fd40cc687887fd3b59110eca0d

Analysis

max time kernel
141s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 05:18

Target

EXCELtoolVSTO.exe
Size

9.1MB
MD5

c748e7b27c235b096cef708310e6fa31
SHA1

aab05e4e9372b6eb4f38b44f2de84345fe0b86f2
SHA256

bf974d8a3689c5e30b4e6b5cc00abfac99c7a0591dd4e303a158b89827ca333e
SHA512

2a20c91d9cdf0025c8f1f0c06401173236cd8ca4748cd0f85ceca408aab69e8790a2699f28f69f0d1585ec6e20ecb2443d33180c4657952eab8f88eccbcb5ce5
SSDEEP

196608:wTlQawKlgcR4z7DZoZwhY0SCaHqnM08KLih:wFwRcu7HhIHqnM04h

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3660	EXCELtoolVSTO.tmp

Loads dropped DLL 1 IoCs

pid	Process
3660	EXCELtoolVSTO.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3660	4372	EXCELtoolVSTO.exe	83
PID 4372 wrote to memory of 3660	4372	EXCELtoolVSTO.exe	83
PID 4372 wrote to memory of 3660	4372	EXCELtoolVSTO.exe	83

C:\Users\Admin\AppData\Local\Temp\EXCELtoolVSTO.exe
"C:\Users\Admin\AppData\Local\Temp\EXCELtoolVSTO.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Users\Admin\AppData\Local\Temp\is-U4I0L.tmp\EXCELtoolVSTO.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-U4I0L.tmp\EXCELtoolVSTO.tmp" /SL5="$6020A,9223473,74752,C:\Users\Admin\AppData\Local\Temp\EXCELtoolVSTO.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3660

C:\Users\Admin\AppData\Local\Temp\is-9VIBL.tmp\isxdl.dll

Filesize
49KB

MD5
02ecc74f7f91e9ffd84de708683236a6

SHA1
3532de0b77df8b0fc89e9c7eddec3fa71f98f5a2

SHA256
30ad8a0e1cee091ca48c771adb2e76baf1a7d54b9f60dc47f54dfdc2d6f6691e

SHA512
a3fdaa651f82428395bc412a2a04fce673768d3ef088b3748addf337d95464eb141ae7c286bff5c705eae05dd7b38207629588ae7e89ada15269463cd7acf541

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-U4I0L.tmp\EXCELtoolVSTO.tmp

Filesize
720KB

MD5
71f05c7a4daf1da7c9df96b87b74587c

SHA1
a0446c42ac644025b9e06180e880ba4b8fceec9e

SHA256
28041d160f694bba114a9fbce03aa790c1f7935429352472e2a827537b1890a1

SHA512
a8da58bd9213e4439b8e1da6b368089a09c4aff593f2d22d71412370530edb9f06fb5128afccba2132f3ac042f81cc8d6731b4566d7ccd50e3b97ff0487141a9

Download Submit
memory/3660-7-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/3660-17-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/3660-20-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/4372-2-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4372-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/4372-16-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download