Overview

overview

1

Static

static

1

258a142a0e...b9.xls

windows7-x64

1

258a142a0e...b9.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 01:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    258a142a0e0cbb673697eabf88315dd8bfdcab2856dea0db12430ac938fb94b9.xls

  • Size

    111KB

  • MD5

    1aebe4c509eb170bd5fbb5af3e53e1d6

  • SHA1

    623c7967628952c7a86ead2cbf72f32ab7f2d3d2

  • SHA256

    258a142a0e0cbb673697eabf88315dd8bfdcab2856dea0db12430ac938fb94b9

  • SHA512

    e1ef59f9652aae3f6325515b86a88030ae595e3010244eb44a9b75c5c6b271bfbaefa761ecb674640eb3e85ad39901a3df1b336ce19f438c1a7abb7f1a9a36a8

  • SSDEEP

    3072:90WF2Q0AVhYkbJIm46+nhLwFiLJU2vDR:90W8KVhYW/4/F9Lu2vt

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\258a142a0e0cbb673697eabf88315dd8bfdcab2856dea0db12430ac938fb94b9.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2180
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2784
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2620 CREDAT:472068 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2544

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2bcf1583de6f922af8f3749683a3ef66

    SHA1

    9c86415c3eb0a653cc9b16f0621573f4ab95fbba

    SHA256

    a742b0c60b814c36714953bb3ba92af17c55c4896b73ad0a8ff3c439076fc44b

    SHA512

    6cf25ac48fa21f8d495952e3860f4b141ca63c58bec92802134d7fc6b83a86e7811dd951f9d9d6eee2df9058880711fe98d5c61bbb0a923b9f6620f7e408d1b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ab4d225b98505b6e820a3e76822f6e2

    SHA1

    e940031ee6d6b1e489c96fa217417b30eeaae7df

    SHA256

    8f9a56be173c0789244c6f3a1de2acad40327cf544f0297674bd6c249ab8e9c3

    SHA512

    81ba7c81dfdba823815ba382911759bef708ed040f16c076d361a454b47cfacbdc8bc2ea748f04839592e694e29f32e3ad7c2d9d77d33913430503e88b6a8350

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8cc611da0c16c2ab7161b36e47c5090c

    SHA1

    32ac6e65f83f01a1afb1d89430a87e2e4e0575ee

    SHA256

    bfe206a2b78e960040de01a0966f26aef32a2edde9ff9159eda919def9fabe3c

    SHA512

    96ded617398a7db481451b4f276d0ed232675253e2cbf55a72591283f1b048efebf86c33732686c85bb524167e02b55821999d26bf093bf24d5da579783ebd0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9af18bc945329164157de7b4e9e9ffd9

    SHA1

    e0f7e599e488364e35beab9ef669f8c0733098c7

    SHA256

    aec9c648eaeeb14f600de5a76b156d39ed0b9ebc2b99eee4ee34e62f87d5ea29

    SHA512

    b59f748e51e5d4af2972957bc1f3f704ccf7aab06849df2e095bfba677a9cc61d00bf27e664a565fefceb5f356c6f144101d928afe5f827d0f7f2c0675b3b1c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ad82ac9724befd87b39a7ef106f9965

    SHA1

    60d8649dd0ed53356dbc989d8126b97e5c6cc39d

    SHA256

    a874c543ba8fcf0f3daf417f66fbfda8cd277cc34ec8e98afa4c5872d08f79b5

    SHA512

    00e9cba5263d841003c42d097531739cb10ca283b5eac288710f32a80f1bbb6e37924b027715b0eebbb6c9eec19fd2d1be63527feca627f15ad530bdc79ba451

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3c4c26c3521acd1c0305e3a141e6732

    SHA1

    5347600258434fda65bbc625dc55078541c54965

    SHA256

    bcd2fa5142ecac3c5f350131650dcb6a19d410bf13a32c87a743b96def10ef9c

    SHA512

    56d55d257dcdb75c0187ab9119f9ef8f2d48943639dd1d1bef4071e810a5ddf81af376db924536b42761bd1a37a112f10d189ae43f8cf588560d20af17a0e815

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad71f0be6f24b0a55b35309eb277c233

    SHA1

    1f51dcf7a73be6d7d1e61dd962cf2f027f5e48f4

    SHA256

    d203a0f371d7a411f6e47d36cba24c60d7af15b9c64a187876a6c0750b581f7b

    SHA512

    07bf73db9caa43de05d25967a1b3355229a277149be14bb0658903624a1347831b358190995aae94a8ee74eab70456774b30ef3be175671ac8f074f781c43907

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71d3899387d8da311379d367b5a762cd

    SHA1

    fed93e07d8d98996341f39d0e9e33c009b9a39be

    SHA256

    00a93f07e65cdc90e612df0fe35962511acd280ea96a34f70c174eda3f4d0f1a

    SHA512

    f52c3a48a5d61e0f75d1fe6d6ee6d82e959fd30060149df1baa879b9f3ab5aaff247b83863041a99d81f88280785052560b766e115af910b92650deebfe0e7a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf067d0374162aa59a776e42529b9d41

    SHA1

    d9786730d1fcea08771782aa48644c7427f53919

    SHA256

    32110f4d54bb34f6e6874d1cc973c78d8832465da547eb174508d787cb734509

    SHA512

    01c92d9d2d277f625adb71cf49d02aa149661a0f4328326077dd4b47aa932f9f4b7a067698fd70cfef65f9f93cd162b3269e89fa8f546d67289133627e748d12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    317619349b53ed9f70d52f159dbc2989

    SHA1

    285dd8fa6b1b22597dc6dfcda22e5f00a257d1ff

    SHA256

    741bf7f33d7fc016900303b3bb1dca98772bc7a70babc5b22df4a767db3a0520

    SHA512

    8e952f1eee8562d75918588da0cee07caf6a0415c563063ca652400347d916208a85898e94d7a30c954ab87051447843c437a6b029a28986043a2c1efd89cfba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2F0E.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2F30.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EUFMRQN1.txt
    Filesize

    70B

    MD5

    3f094b329c31e9790481a111eee40904

    SHA1

    bf27d0c36c98d24ec10cf46e74f615ffb09a2aa3

    SHA256

    0c89c0bbeffd89fa92b2ba18fa0e142d7097e129cc9f189ce1e8781d0545efdf

    SHA512

    da59db679080333bfd2284a2256b9cca12dda5dae1218e91d47e4f27b61722d48adacdc410102fd464bbd3eebb9fef2eb28e806401b13ca71612607c91087e77

    Download Submit

  • memory/2180-67-0x0000000071D9D000-0x0000000071DA8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2180-4-0x0000000002FF0000-0x0000000002FF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2180-1-0x0000000071D9D000-0x0000000071DA8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2180-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download