Overview

overview

1

Static

static

1

de528ee419...6a.xls

windows7-x64

1

de528ee419...6a.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de528ee4199b4f91b5258b4fb2339a147d2238fc53ebbd696a4ebf8bfd80316a.xls

  • Size

    912KB

  • MD5

    2d13cc1e09db0c3f89accfb8cf35b4c3

  • SHA1

    a3fe293b831576e9818d9570c71815acad8d6b1f

  • SHA256

    de528ee4199b4f91b5258b4fb2339a147d2238fc53ebbd696a4ebf8bfd80316a

  • SHA512

    dc3dfe22f57f01eb1fd23ebfa05c91c7f39d4105984c77af510493ef636d2a34d60efccd557b4f10f9f6060ece0c9e5215c472e0854914e38e9c593f6e653221

  • SSDEEP

    12288:Pn03UHjkbyKlXwUP/qPQZR8MxAm/SdiKCeOS+FW1Q9/Y4LzzsI6nzXYBZIrJnW8J:/0yY5GUP/mMx77w1Q9xzs5ziGxW7afA

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\de528ee4199b4f91b5258b4fb2339a147d2238fc53ebbd696a4ebf8bfd80316a.xls
    1⤵
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1692
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2796
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:472068 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dccbe713224c53044a4572e06c3e41d3

    SHA1

    b17f2af988269591a8d72dd8f202d92ac25db61e

    SHA256

    58ad0d6b96740a73fd37d98b53e76137ce2b91289050f9d5ac7d681382b8aa19

    SHA512

    1d89282134977714b8591d3343e45811fefc78f11b1643e2a204a200b8d71e9e2c8d8ce74f4078cb14825faaba4dba0a612e568074301e88c0a5c7d1c41e0d7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47857c0f5eda69c68d9c05ea5241e232

    SHA1

    dc717ca0a67e20dd2c1b614642154f5416274539

    SHA256

    9db4f2bab501a1d5e4c46060f79c26ed446549b6569eae5892f7b39f873484ba

    SHA512

    f647fff24eea5ea27f94aebd744664746cec0953015f966db597bfa5e3b157ace1c9f41deb05f8ca8ebc83d38c6b73224337bfd8a08db7590f0f0d4274aa46c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d7601df26bb18bd7a10f4ef79b36191c

    SHA1

    d03b5418939e41ab5b999ced923d249d0526821a

    SHA256

    3215fc6b27fec2d716d18cab41a10bee132eb2f42fc032c38e6ee393a7af0c9e

    SHA512

    98cbefd584dfb7c60762bfdb456c05b6a825c77d3c7d9c5cb66e4aab5ece3c59f479e1208a29091c437d1f786c42ea3cfeebaf58b1f641bc21e8564b41325e37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    43e06278fbc5b81ad468453d3a381402

    SHA1

    ece4f571ebc6dbbfdbdd1b7a961924788d2cf707

    SHA256

    280ac494e1f15c5218d32c949a782fb64703ceb57e4f78e482a29ecf6a913e46

    SHA512

    1ad6c7826e857440d006e997e50baf92421aea4d59e7b96ba280c9eb570ac231686817175a24fbe2c8384bbc9c3dc86bf249871d1e0b1e047aee3e783607b447

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5dbe4a11086c581130268e4b3b60c2c

    SHA1

    cc322e1309b94c4be9e60a0e3236797313953c10

    SHA256

    07c2f8b6f2ea321944433331fa9a6e1fbdba656d3a2b916ff05adad51c759cb8

    SHA512

    6fad17e90a12bbc12b8e7021d3c3137e887bc0fce63a96730f12b7883c7e8893119c5db70ca8da4762c1a380c1f8355fe45b7b092f5c37fbb452db0782fe2688

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97b58145102bcbcb03bbe4e33d0e0ede

    SHA1

    86489c90e6708c47ff525cf838e278895d779e6e

    SHA256

    f711d8ad99741db687a3159fc711d2374df13291a5a60fe898c5417fbe571ae7

    SHA512

    3579efb8f34f4860c83547c83bcb261d2c14413e9194696de18a0d43f0b7b6d959e57aa9a8e39db84e0cb6636cc1c5f86a3a524ee4b27890f3af246e1c9aaf33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    56e8c3299eddf6190ad26028bfbeb1e3

    SHA1

    f1c653ae5ebf619901b7fdb2b1fae2b222a6930e

    SHA256

    986ac949ef4764fdc57bac6db10daabecc385f67b360e7ac4d94779e55fd7933

    SHA512

    43ed180fcfd1f9b635c4b231f54cb376d3013171a441bb13e8a08ad6fda432e1f7987020987ec3e26778334dad17b88de70f22abeb42f2e7b2a707dd6f34365b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c4bdfe9c6aea5c49a77e7ea85b82cb22

    SHA1

    8dd92eab94d3709032bceeeb364b6e72fd86b94c

    SHA256

    a6bff9621d9673ddca85e4db3aeeb4091b2c357dcd7ad60c451ed9ddcdfbb126

    SHA512

    f0fba47c676eade03e049e23f0e98d9504fbdf72b888a580b5991f4f8c3ca34bd1c616c30bef3bf6d9bff585af8d7a12a993c08741fb3284e3cd8497de3f9e86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    996d754d930cc75615abe735677b28a4

    SHA1

    492f59c435f25ccc96b0b7a67f7484ca1626b523

    SHA256

    ff74f62ac4dd42253de2f1a5a821fa23a8811974d49819b1a43e119f72fa4c9b

    SHA512

    0c10cc3a6db930ea1aeaab18b08193c7ac860fc667b9fceb88b27c6e654a1ccf2a1222ae1fb58e0bbcb796a4d8eec0cf56bfc7e9784165692b2905a812ee04c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6c85502ff9933e97047140164d10d63b

    SHA1

    e4328ab1d6a58dffa86128d7abd4630a01c01dd8

    SHA256

    f20253030b3f7184fe2c921619f56f625544f69ff79f3c9324519b8e8db35885

    SHA512

    47e248c8597b393305d871eee18f70966bab51d9eae4a40dbcbfa94b4dcdb66b624e181218ce981ab2ecbeb563287f809f701a79fd9cb394e598bed295369d87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab44FE.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4520.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HC5FTKOM.txt
    Filesize

    68B

    MD5

    95ae092e7ebde5402d195a659d8ac670

    SHA1

    63a837f7e906f1f0cc2d68db880e072d907bc9b7

    SHA256

    f591f35e98f2528ae4509daed8e31318b705cb01e402d33e433dd76ba02d1575

    SHA512

    94c5d89063e99ee9993b3a53790f8cf1e7546ec8940a50ab48bc37a0915bc1f30b1d5f4ea574a7f2cb807e23d9097090879978e4a68de94590d39f3303e3f3ac

    Download Submit

  • memory/1692-63-0x0000000072ABD000-0x0000000072AC8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1692-4-0x0000000002F10000-0x0000000002F12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1692-1-0x0000000072ABD000-0x0000000072AC8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1692-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download