Overview

overview

4

Static

static

4

offerta Di...pa.zip

windows7-x64

1

offerta Di...pa.zip

windows10-2004-x64

1

offerta Di...24.pdf

windows7-x64

3

offerta Di...24.pdf

windows10-2004-x64

3

offerta Di...2.xlsx

windows7-x64

3

offerta Di...2.xlsx

windows10-2004-x64

1

offerta Di...a2.p7m

windows7-x64

3

offerta Di...a2.p7m

windows10-2004-x64

3

offerta Di...a.xlsx

windows7-x64

3

offerta Di...a.xlsx

windows10-2004-x64

1

offerta Di...f.xlsx

windows7-x64

3

offerta Di...f.xlsx

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 14:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    offerta DigitEd spa/RDO Formazione Digitale_ Info societa.xlsx

  • Size

    25KB

  • MD5

    d2b26b47b173deda0761e2213eb367e5

  • SHA1

    6786e7dd0a51d4de453497e2e8b79f56ecc1d085

  • SHA256

    4fce5b3f7a3d184197ed25d5ac883ee2e3eab8afbcc2cbb5d4e2101a7eb74cf9

  • SHA512

    8215e724c802adcf8bd1e5c40b4fe1376345252ec5346d7d6f7eebe51be936ee34f60edbb6a0b16676870e5ce50867b7c7b51cc0b6f7c3b4ac2cb45e344ff209

  • SSDEEP

    768:yKZ5KoUBV8chHzalpRvflLJmf7UQEU9Wuqh6i:yONumc9yph5U9Pg

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\offerta DigitEd spa\RDO Formazione Digitale_ Info societa.xlsx"
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3028

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3028-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3028-1-0x000000007208D000-0x0000000072098000-memory.dmp

          Filesize

          44KB

          Download

        • memory/3028-2-0x000000007208D000-0x0000000072098000-memory.dmp

          Filesize

          44KB

          Download

        • memory/3028-5-0x000000005FFF0000-0x0000000060000000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3028-6-0x000000007208D000-0x0000000072098000-memory.dmp

          Filesize

          44KB

          Download