Analysis

  • max time kernel
    53s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 07:30

General

  • Target

    9ff9b3c921dd5f71d4d603d8fb3e90f36dae5b43b9eee1b4302c21c57e84f410.xls

  • Size

    172KB

  • MD5

    55070d18dcfaf2dacebd232e6e5ed106

  • SHA1

    dfb59c3b2e2f0097cf81a4f97a5c088c1e8684fa

  • SHA256

    9ff9b3c921dd5f71d4d603d8fb3e90f36dae5b43b9eee1b4302c21c57e84f410

  • SHA512

    bb6e504efabc9018bdfdee0778cde61ec2c5303d73f699e259bf7dd9e08aa3bcf3cea4626a65f2ce627fdb225b4808ef978259d3eec16379c80b903f27aa9e22

  • SSDEEP

    3072:wBVUpjDqF+wRjh4C+7UisD9q4z8kmODkACo0yAZjVurXn4Zbn8AhN6VJR10hI4Ws:QVUpjDqF+wRjh4C+7UisD9q4z8kmODk/

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\9ff9b3c921dd5f71d4d603d8fb3e90f36dae5b43b9eee1b4302c21c57e84f410.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\authorization.xls

    Filesize

    22KB

    MD5

    78fb4314e9df605d92540bad580dce20

    SHA1

    5669c84b9c6c8577d395f14614f783850cb70ca3

    SHA256

    afab6caa30f8ace9929880a27ce053536d5140711ffb62865ef9877be5a22688

    SHA512

    a070dcc629544c0a6a0f930a0e169960b257aaa4774f1ab89a5283b94a520584e8335cbb94a7d107efa855058a8cc1181ea6f929f72daac4d94c837b6eed7c97

  • memory/2908-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2908-1-0x0000000071EBD000-0x0000000071EC8000-memory.dmp

    Filesize

    44KB

  • memory/2908-17-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-25-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-64-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-63-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-62-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-66-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-65-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-81-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-110-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-111-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-109-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-108-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-107-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-106-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-105-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-104-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-103-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-102-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-101-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-120-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-119-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-118-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-117-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-116-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-115-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-114-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-113-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-112-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-99-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-98-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-97-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-96-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-95-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-94-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-93-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-92-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-91-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-90-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-88-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-87-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-86-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-85-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-84-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-82-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-83-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-80-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-79-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-78-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-77-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-76-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-75-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-74-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-73-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-72-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-71-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-70-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-69-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-68-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-67-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-100-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-121-0x0000000071EBD000-0x0000000071EC8000-memory.dmp

    Filesize

    44KB

  • memory/2908-122-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-123-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-124-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-125-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB

  • memory/2908-126-0x0000000006400000-0x0000000006500000-memory.dmp

    Filesize

    1024KB