Analysis

  • max time kernel
    53s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-05-2024 07:35

General

  • Target
    e51de11ea907cd30d3e23b2fba41db97e5b8e6a09fac5598e558169addae508e.xls
  • Size
    172KB
  • MD5
    683c756c5d4b84c12071a9848635aa30
  • SHA1
    d4fd9fa1abbd12df8ed0951f8135c92f743f4c93
  • SHA256
    e51de11ea907cd30d3e23b2fba41db97e5b8e6a09fac5598e558169addae508e
  • SHA512
    ba39032e34eca9fc43d7996c6bc764681367634d263e3ef88f3eaa790323cf92b6305a4dc8176cbf0395d94d00fc40ef43dd7c3d8790641d38f3ce9f0e9a7fae
  • SSDEEP
    3072:sBVUpjDqF+wRjh4C+7UisD9q4z8kmODkACo0yAZjVurXn4Zbn8AhN6VJR10hI4Ws:kVUpjDqF+wRjh4C+7UisD9q4z8kmODk/

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\e51de11ea907cd30d3e23b2fba41db97e5b8e6a09fac5598e558169addae508e.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2388

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\authorization.xls
    Filesize: 22KB
    MD5: fa3e8b11533f900911addb7a92c273e4
    SHA1: 56994204655624df8b7b9580f3861a0ea7f3230a
    SHA256: db8c1e55b7df206c65946dc1a3a1cede04feb72bdb2e3fe0e87efe89d4e8d970
    SHA512: 613ec66ceb2a0576182297238ed591dc650831497dc3d01cd048194f340f986f3fd3d0f6638569de0f52bd34bf34abd809e079258a3dd5888accfebf0de1973c

  • memory/2388-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/2388-1-0x000000007258D000-0x0000000072598000-memory.dmp (Filesize: 44KB)
  • memory/2388-25-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-24-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-62-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-63-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-64-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-73-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-65-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-88-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-119-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-118-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-120-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-117-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-116-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-115-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-114-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-113-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-112-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-111-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-110-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-109-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-108-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-107-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-106-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-104-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-103-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-102-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-101-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-100-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-99-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-98-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-97-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-96-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-95-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-94-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-93-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-92-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-91-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-90-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-89-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-87-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-86-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-85-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-84-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-83-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-82-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-81-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-80-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-79-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-78-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-77-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-76-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-75-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-74-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-72-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-71-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-70-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-69-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-68-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-67-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-66-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-121-0x000000007258D000-0x0000000072598000-memory.dmp (Filesize: 44KB)
  • memory/2388-122-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-123-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-124-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
  • memory/2388-125-0x00000000066E0000-0x00000000067E0000-memory.dmp (Filesize: 1024KB)
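The one finding in this report that deserves a second look is the file written to C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\authorization.xls: Excel opens every workbook in its XLSTART folder on each launch, so a write there is a persistence location regardless of the 1/10 score, and the "Office loads VBA resources" signature says the write may carry a macro. The helper below is an added example, not tooling from the sandbox vendor or part of the report: it checks whether a dropped path sits in an Office startup folder, classifies the file container by magic bytes (a legacy .xls should be an OLE2 compound file, not a ZIP), and compares a local copy's digests with the MD5/SHA1/SHA256 the report lists for authorization.xls. The startup-folder pattern list and the stand-in sample bytes are assumptions constructed for the demo; the real dropped file is not reproduced here.

```python
"""Offline triage helper for the sandbox report above (added example; not the
sandbox vendor's code). Sample bytes below are constructed for the demo."""
import hashlib
import re

# Digests the report lists for the file dropped into XLSTART (copied from the page).
REPORTED_DROPS = {
    "authorization.xls": {
        "md5": "fa3e8b11533f900911addb7a92c273e4",
        "sha1": "56994204655624df8b7b9580f3861a0ea7f3230a",
        "sha256": "db8c1e55b7df206c65946dc1a3a1cede04feb72bdb2e3fe0e87efe89d4e8d970",
    }
}

# Container magic: legacy .xls/.doc are OLE2 compound files, .xlsx/.docx are ZIPs.
OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP_MAGIC = b"PK\x03\x04"

# Office auto-open folders. Assumption: this short list is what we treat as
# persistence-relevant; Excel opens every workbook in XLSTART at launch.
STARTUP_DIR_PATTERNS = [
    re.compile(r"\\microsoft\\excel\\xlstart\\", re.I),   # per-user XLSTART
    re.compile(r"\\office\d+\\xlstart\\", re.I),          # install-level XLSTART
    re.compile(r"\\microsoft\\word\\startup\\", re.I),    # Word equivalent
]


def digests(data: bytes) -> dict:
    """Return the four digests the report uses, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, name: str) -> bool:
    """True only if every digest the report lists for `name` matches `data`."""
    expected = REPORTED_DROPS.get(name)
    if not expected:
        return False
    actual = digests(data)
    return all(actual[alg] == value for alg, value in expected.items())


def container_type(data: bytes) -> str:
    """Classify by leading magic bytes; a '.xls' that is really a ZIP is worth a look."""
    if data.startswith(OLE_CFB_MAGIC):
        return "ole-cfb"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    return "unknown"


def is_office_startup_path(path: str) -> bool:
    """True if the path lies in a folder Office loads automatically on start."""
    normalized = path.replace("/", "\\")
    return any(p.search(normalized) for p in STARTUP_DIR_PATTERNS)


def triage_drop(path: str, data: bytes) -> list:
    """Collect the findings a reviewer wants for one dropped file, as strings."""
    name = path.rsplit("\\", 1)[-1]
    findings = []
    if is_office_startup_path(path):
        findings.append("persistence: file written to an Office startup folder")
    kind = container_type(data)
    if name.lower().endswith(".xls") and kind != "ole-cfb":
        findings.append(f"format mismatch: .xls extension but container is {kind}")
    if name in REPORTED_DROPS:
        findings.append("hash: matches report" if matches_report(data, name)
                        else "hash: does NOT match report")
    return findings


if __name__ == "__main__":
    # Constructed stand-in for the dropped workbook (not the real sample).
    sample = OLE_CFB_MAGIC + b"\x00" * 504
    drop_path = r"C:\Users\Admin\AppData\Roaming\Microsoft\Excel\XLSTART\authorization.xls"
    for line in triage_drop(drop_path, sample):
        print(line)
```

Run it against a copy of the dropped file read in binary mode; a "hash: does NOT match report" line means the artifact on disk is not the one the sandbox hashed, and a "format mismatch" line means the extension is lying about the container and the file should be opened with a ZIP-aware tool rather than an OLE parser.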