2af03243cc8d8211f2c8de3d8aaed7a7ffe80c35dd4382bdbc17c37656a1114b

Analysis

max time kernel
23s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2af03243cc8d8211f2c8de3d8aaed7a7ffe80c35dd4382bdbc17c37656a1114b.xls
Size

110KB
MD5

394e688b263f8944680ceb9abd7932c6
SHA1

60c156d16d2337b7d38262b5900490fccf145bb9
SHA256

2af03243cc8d8211f2c8de3d8aaed7a7ffe80c35dd4382bdbc17c37656a1114b
SHA512

312e6273a8a588c8aa1859d2a5724f345abdeb8debdc7a1ba5525073e35eb1b67915b5a1a36d39956a72c8eb1e856f691ba22b9b64c5b5fb0e4e0a45bb017014
SSDEEP

3072:9/7uDphYHceXVhca+fMHLtyeGxcl8/dgC6YsFmDJEFB6cn4p55wY5pxlsc:57uDphYHceXVhca+fMHLty/xcl8/dgB0

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://veteransplumbingandsewer.com/rvevbrpazcgj/555555555.png

Signatures

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

2556 EXCEL.EXE
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

EXCEL.EXE

pid process

2556 EXCEL.EXE
2556 EXCEL.EXE
2556 EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

pid	process
2556	EXCEL.EXE

pid	process
2556	EXCEL.EXE
2556	EXCEL.EXE
2556	EXCEL.EXE

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\2af03243cc8d8211f2c8de3d8aaed7a7ffe80c35dd4382bdbc17c37656a1114b.xls
1⤵
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Fetil\Giola\vetera.exe

Filesize
1KB

MD5
567349d9e63a5227afd58eeb3a63151b

SHA1
f7e5edf71e4c4e678e2bf3fdff7bca39692030ce

SHA256
6ac6cb88ff6b42a2f8ac0ad8654460329ddf893b5556756d461c001dc123f777

SHA512
9533b3a6016930726c696fac281399e16342b3f3b7e3ac9a208234b0c3dc56350c7e65171afdd6003767c7bb09194afc803ffac60257e0f21e1244e6f9f8322c

Download Submit
memory/2556-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2556-1-0x000000007232D000-0x0000000072338000-memory.dmp

Filesize
44KB

Download
memory/2556-9-0x000000007232D000-0x0000000072338000-memory.dmp

Filesize
44KB

Download