Analysis

  • max time kernel
    145s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 06:19

General

  • Target

    A001605117J RETURNS.xls

  • Size

    3.4MB

  • MD5

    9ad071c8bd431d5da0a2fe5b78c281c7

  • SHA1

    fa415ae71da857cafcad3d7bba90a572e032e796

  • SHA256

    9bcd4c633a19f27a8ad274d899586b7bcf15b7aab54466ed46f3f3ef3558b372

  • SHA512

    cda084b4b0f94549a673b83490cd60b839d5c9ef8b2f6a53ff2819051c312aafc84208a4e92ea46b3129d2264de2bb564235a6caecc400767a19ef8bb873513c

  • SSDEEP

    98304:nY+LvW8rI4AJbnOGwQyH4QlAEqRj5U1kPzGDeajiI8tcCjV:YCvS3N04K8tcCjV

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry (2 TTPs, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 31 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\A001605117J RETURNS.xls"
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:836

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/836-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize 64KB)
  • memory/836-1-0x000000007225D000-0x0000000072268000-memory.dmp (Filesize 44KB)
  • memory/836-6-0x0000000007D90000-0x0000000007E90000-memory.dmp (Filesize 1024KB)
  • memory/836-7-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-11-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-10-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-9-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-8-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-17-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-24-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-12-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-13-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-14-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-15-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-22-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-23-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-211-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-212-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-213-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-210-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-209-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-208-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-28-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-27-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-26-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-25-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-21-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-20-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-19-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-18-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-16-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-215-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-214-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-216-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-219-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-220-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-218-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-217-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-221-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-222-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-223-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-224-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-225-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-226-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-228-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-227-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-229-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-324-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-333-0x0000000006E80000-0x0000000007080000-memory.dmp (Filesize 2.0MB)
  • memory/836-2160-0x000000007225D000-0x0000000072268000-memory.dmp (Filesize 44KB)
  • memory/836-2161-0x0000000007D90000-0x0000000007E90000-memory.dmp (Filesize 1024KB)