Overview

overview

5

Static

static

3

AutoUpdate.exe

windows7-x64

3

AutoUpdate.exe

windows10-2004-x64

3

ExcelPlus.exe

windows7-x64

5

ExcelPlus.exe

windows10-2004-x64

5

Export.dll

windows7-x64

1

Export.dll

windows10-2004-x64

1

FlexCell.dll

windows7-x64

1

FlexCell.dll

windows10-2004-x64

1

Ionic.Zip.dll

windows7-x64

1

Ionic.Zip.dll

windows10-2004-x64

1

Templates/...��.url

windows7-x64

1

Templates/...��.url

windows10-2004-x64

1

help.chm

windows7-x64

1

help.chm

windows10-2004-x64

1

通用商�...��.xls

windows7-x64

3

通用商�...��.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    100s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2024, 16:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    通用商品条形码目录.xls

  • Size

    15KB

  • MD5

    a7ea8725112cd0fd44aa0c8ec1171b49

  • SHA1

    756089c9bf9642cee0ea4485c972205077674399

  • SHA256

    c21e20c9f14bd404108c46b00ff73347de676c6f5e6c6bebd4327942fc63a090

  • SHA512

    a334d8d119f7f2d68d502b54e8c82ad3c34afaddd8e4b2fdce999a4fc495f4a6827b6c371a6df9e152713076114045ba64fbaf851420a538b74b0bc2085bd538

  • SSDEEP

    192:2bKp7p7p73p9eEv8R2j43Zg+LzUB5o30qR0D/tpu4JA/b/i:zVVV3fbv8R2PylG1g4OT6

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\通用商品条形码目录.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
    Filesize

    665B

    MD5

    d5d094d692bbe72d8e3a6b8d6f29222b

    SHA1

    17e49fa327c78e38b34b89fb1d6321750e9aacc3

    SHA256

    f3d25f7bdce900aa3f5110865ccd20b4aa6b97e56f3dbd30b9f1509e46216606

    SHA512

    16646724e5939554959fb8c6be5409552deca274422c9dc3b460382cbb55cf98036a9e4e89574c6351a7415f6997eac01afa2954392a47f8279cb914faa027a9

    Download Submit

  • memory/2704-17-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-53-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-2-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-4-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-19-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-11-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-10-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-12-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-13-0x00007FFA23960000-0x00007FFA23970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-9-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-14-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-15-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-3-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-16-0x00007FFA23960000-0x00007FFA23970000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-5-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-18-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-8-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-7-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-6-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-29-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-30-0x00007FFA65DAD000-0x00007FFA65DAE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-31-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2704-1-0x00007FFA65DAD000-0x00007FFA65DAE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2704-0-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-52-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-55-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-54-0x00007FFA25D90000-0x00007FFA25DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2704-56-0x00007FFA65D10000-0x00007FFA65F05000-memory.dmp

    Filesize

    2.0MB

    Download