Analysis

  • max time kernel
    47s
  • max time network
    25s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-07-2024 22:13

General

  • Target

    b95afbeaf5dcae99e48f365548f991b67eecce037af8a80df978bf78a65a1b03.xls

  • Size

    235KB

  • MD5

    e7ab1c69100ab89d92c49e5c19ba00e7

  • SHA1

    f196aecd6725640858d42a72ad757694f345cbe8

  • SHA256

    b95afbeaf5dcae99e48f365548f991b67eecce037af8a80df978bf78a65a1b03

  • SHA512

    6e76b671118bfb203e27a63965dc4526164cc621cccd446598d4e42ef21da73bca773030f1bc7eb0f569a8b3fd9d372cc80db79e06fef5cdff0848dd71e7b201

  • SSDEEP

    6144:IxEtjPOtioVjDGUU1qfDlavx+W2QnAJX5EW2ZKuF1Yt/8XyXhOdd6K05WM5nwQS0:uXR2ZKeWkXyXhgdL0E2SER9U27

Score
1/10

Malware Config

Signatures

  • Office loads VBA resources, possible macro or embedded object present
  • Enumerates system info in registry (2 TTPs, 1 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 31 IoCs)
  • Modifies registry class (64 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\b95afbeaf5dcae99e48f365548f991b67eecce037af8a80df978bf78a65a1b03.xls
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2808

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/2808-0-0x000000005FFF0000-0x0000000060000000-memory.dmp (Filesize: 64KB)
  • memory/2808-1-0x0000000072BDD000-0x0000000072BE8000-memory.dmp (Filesize: 44KB)
  • memory/2808-14-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-15-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-69-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-72-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-76-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-75-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-74-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-73-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-71-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-70-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-68-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-53-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-52-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-50-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-51-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-49-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-48-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-35-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-34-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-33-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-32-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-31-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-18-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-17-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-16-0x0000000000770000-0x0000000000870000-memory.dmp (Filesize: 1024KB)
  • memory/2808-77-0x0000000072BDD000-0x0000000072BE8000-memory.dmp (Filesize: 44KB)
  • memory/2808-78-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-79-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-80-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-81-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)
  • memory/2808-82-0x0000000006280000-0x0000000006380000-memory.dmp (Filesize: 1024KB)