Overview

overview

6

Static

static

1

66b66fcd3e...5.xlsb

windows7-x64

6

66b66fcd3e...5.xlsb

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66b66fcd3ebb2a51ef73fae0049f5029215ce432d3647bc54ee5245912a6c955.xlsb

  • Size

    1.6MB

  • MD5

    a63485b442a8206671ebc6a88be95235

  • SHA1

    6527d42ec4b02786a32169dab0389a4774ad19b8

  • SHA256

    66b66fcd3ebb2a51ef73fae0049f5029215ce432d3647bc54ee5245912a6c955

  • SHA512

    f20136bc6815771eda601eb610b69fe151a708c1efc1f0774023ae9c5ae08394bde0877d9b413e39fd21b33cb88bed0737ceab29dc8218a12d8d972ac5beec59

  • SSDEEP

    49152:un29XzQSjOwUpz7qI6AtLqj+Kxaj/zEpSbbHJ:ASKwczOIdlEaj/zEsfJ

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\66b66fcd3ebb2a51ef73fae0049f5029215ce432d3647bc54ee5245912a6c955.xlsb"
    1⤵
    • Enumerates connected drives
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1780

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1780-0-0x00007FFE76310000-0x00007FFE76320000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-2-0x00007FFE76310000-0x00007FFE76320000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-1-0x00007FFE76310000-0x00007FFE76320000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-3-0x00007FFE76310000-0x00007FFE76320000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-4-0x00007FFEB632D000-0x00007FFEB632E000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1780-7-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-6-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-5-0x00007FFE76310000-0x00007FFE76320000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-8-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-9-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-11-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-10-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-12-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-13-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-14-0x00007FFE73FD0000-0x00007FFE73FE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-15-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-17-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-18-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-16-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-19-0x00007FFE73FD0000-0x00007FFE73FE0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-31-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-33-0x000002D65AB50000-0x000002D65ACF2000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/1780-32-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-34-0x000002D675980000-0x000002D6783E0000-memory.dmp
    Filesize

    42.4MB

    Download
  • memory/1780-35-0x000002D65AD00000-0x000002D65AF94000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/1780-36-0x000002D657690000-0x000002D6576EC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/1780-38-0x000002D657630000-0x000002D657652000-memory.dmp
    Filesize

    136KB

    Download
  • memory/1780-37-0x000002D65A970000-0x000002D65AB32000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1780-39-0x000002D65BD30000-0x000002D65CAC0000-memory.dmp
    Filesize

    13.6MB

    Download
  • memory/1780-40-0x000002D650190000-0x000002D6501A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-41-0x000002D657710000-0x000002D65771A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1780-42-0x000002D657720000-0x000002D657742000-memory.dmp
    Filesize

    136KB

    Download
  • memory/1780-43-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-44-0x000002D67C700000-0x000002D680A16000-memory.dmp
    Filesize

    67.1MB

    Download
  • memory/1780-45-0x000002D657750000-0x000002D657778000-memory.dmp
    Filesize

    160KB

    Download
  • memory/1780-46-0x000002D6577D0000-0x000002D657820000-memory.dmp
    Filesize

    320KB

    Download
  • memory/1780-47-0x000002D6501B0000-0x000002D6501C0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1780-48-0x000002D6576F0000-0x000002D657708000-memory.dmp
    Filesize

    96KB

    Download
  • memory/1780-49-0x000002D657880000-0x000002D6578DA000-memory.dmp
    Filesize

    360KB

    Download
  • memory/1780-53-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-54-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-55-0x000002D65B4D0000-0x000002D65B9F8000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1780-80-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-81-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-82-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-85-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-86-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-87-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-88-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1780-89-0x00007FFEB6290000-0x00007FFEB6485000-memory.dmp
    Filesize

    2.0MB

    Download