Overview

overview

1

Static

static

1

47ee399716...75.xls

windows7-x64

1

47ee399716...75.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 01:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47ee3997168e1d2f64c940453432642e7f7cea124561a40904d7d8d3b58d2b75.xls

  • Size

    111KB

  • MD5

    9eba63f385b6efcc868f163cc53e5ef6

  • SHA1

    8da5ad24a8a94e035b473f82e03a57740413998d

  • SHA256

    47ee3997168e1d2f64c940453432642e7f7cea124561a40904d7d8d3b58d2b75

  • SHA512

    6c47a8bdfbc30422ab8805fb98f454ee8b71f65057e334a0ee7723a90d2e864efa44b02e98a3984f315222065002d3cb8894b99734807f78045811597207f342

  • SSDEEP

    1536:VU0BRPw/jF2gE+wxQAOhUMqTjfktX/t/qr2ml8Vvygn05kTheDm/:y0WF2F8ATjio2fVvr05ehe

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\47ee3997168e1d2f64c940453432642e7f7cea124561a40904d7d8d3b58d2b75.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1612
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2788
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:472068 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2432

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7fa2c399bf90eb61709bd583dfd36a50

    SHA1

    fa6d03c411c01ed3b6e5322e6ec30da3fb2723d5

    SHA256

    6837dd31baf2a8edfac90de3c24718d1ae3738ec329e57e2b6439b28a3680da7

    SHA512

    560536f6de8aefbf3e790134ab966d579560b0409aa0095aa433a0cd1dc50ccc6cfaca295fb6c137f6d889147646faacf09dc1e32b129b82ba36501b40b8e90d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2eb919cff2ff2c16ee36701abea13dca

    SHA1

    bd2ab312ece13ddac642fd12d8611eea885b1bd6

    SHA256

    f59719f43d33dc1106af8ec9925728c6255d5c3aa607db3a6b3b0e32ef0a8f74

    SHA512

    37fa8a7063738dd420fc8a3f49667d29119f8c3382c139ce54f41fbfaefe6f111bf5c5d46302ba81b71b555d886218f231d37d26ac66c1e4b2a71a6744816f3c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71239e50a2a1114b44890df85ca605ae

    SHA1

    647e8f12aa7073731f33ce1fcdc8a63ee65635bf

    SHA256

    58edf10c62945b792540567d9917f6d3cec4388b58afabeb52ef410a7b398530

    SHA512

    7509f0d0738c89a6b179e7f215779313475b54afed2788113cee81fb4a0bafed3d47ccaea86068b1ec7c59bd5e3668dd115023c953d23e841dfebcc964155fa4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68d551eb861f80f0900f6fb34bbed822

    SHA1

    726b95563633ea22238b141c3a43c877d9729a51

    SHA256

    6904de13fc621f8c09c2ceec44d74248791cb90a264dbdca6b4a9e1317d85f56

    SHA512

    50c20e6265ddef8e8a199ed83b27d391ffc26a032cfd152b377c1280ed00978cce35d2552e1cd25a27425357c0acbcc4b8e6b131e4c8ddda5c5d7d02b7c11917

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    659645696d3e9da77e400c5fb7a5d5cb

    SHA1

    00d077dbe3dbbe60691dacbf52022d57e5712f46

    SHA256

    cc7e231936abbe38b2094f88df63052a66b84c4ef630812dc90069d643cc754a

    SHA512

    3b6bbb5d04966d6fe0fbc6e4598500615544f2ba1ab49ec3e0c1a02cfdb3564f49c7c3ece8816ae16ef666be3a9a3a41735e6a3823766fb382e6972bd6396652

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6eaa7c57bef4af69829f9d480d8e08a

    SHA1

    07a727539ac4cd9b0a83f5ea71e82b2c92dd6641

    SHA256

    50a7e5ef1ca73a8c74fc441db2f0c459790b4686cc4c8da0d0f8becdfea41971

    SHA512

    f8e60c872e296a5087466518f3600df62b12b58b278d75f085882d85398da167b0dbe84d5a866d500cb8de81bb5a9663b4d16f46ac84a10cb782bf04051402a1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5ddb925bd137f095488500c4a00f5b0

    SHA1

    b3310310875fd29b871ade3ad471aefc953a2d65

    SHA256

    afd32204db78ff0d086c004bafb4be277d9c168426ddde30d52f76c898af95c4

    SHA512

    aecccfc4efb373e74a9e4d73568975368aea029aff6d7598f6ea8146fd261ee62e2e7153101279ab40d4a698d425c6016d34fae44d72de66b55cbeb29eaeccb5

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c237bde6d109bcbf8f2e9536615f9f83

    SHA1

    100699fb13918fb3df53f7a73983ab2b4acbac6e

    SHA256

    ba4ba02a5c841ffbae2fee198b1c971324beebf31a9a53c89a9aa80a394b2a39

    SHA512

    88bf70dc19ddd79e49042e5870183e1f779d7e7b7406d3df43b076d1b00e453fe76f83ef375010649dfd334437390ee157a49d16c848b34acabbed7c4691b064

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab1FF1.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar2004.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X7CX1TY8.txt
    Filesize

    68B

    MD5

    6aba2d2339c6fdb969b445353353e386

    SHA1

    b52dec0066490fbf3aba3ccc6e1e3dad1f164899

    SHA256

    5b50405812970882107440aac5f6dd81fb0a25a3b09f80ac1aaf2a8dbc612678

    SHA512

    3eaecd1c1537d06ad37ee4c1d7c98cb63cbe8250ee07c1a2bd58ae16e6e33d1d6e651188d7bbe7bc0426251b7ec13e98735d33d4804b7bb5f59a8283a78595b9

    Download Submit
  • memory/1612-63-0x000000007212D000-0x0000000072138000-memory.dmp
    Filesize

    44KB

    Download
  • memory/1612-0-0x000000005FFF0000-0x0000000060000000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1612-4-0x0000000004B20000-0x0000000004B22000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1612-1-0x000000007212D000-0x0000000072138000-memory.dmp
    Filesize

    44KB

    Download