Overview

overview

10

Static

static

8

ca828200b8...4a.xls

windows7-x64

10

ca828200b8...4a.xls

windows10-2004-x64

10

Analysis

  • max time kernel
    16s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca828200b8e5b740b9f2a497954fbcdd8f6d0287c875eb670bed508c29f7374a.xls

  • Size

    126KB

  • MD5

    9f5cb57e7c236901f7c5e3d21431f283

  • SHA1

    6d1d0c782ee64f1ea3f7ba94bfa05f3b87aa4c6d

  • SHA256

    ca828200b8e5b740b9f2a497954fbcdd8f6d0287c875eb670bed508c29f7374a

  • SHA512

    73a0b2aad5c7642d5540256d1bb4324742ded6a3a70bf8573a344487f741590cde943908e83b083592d563c6bd28cc467015e4ebeeb86f33f6be902bd38bfaad

  • SSDEEP

    3072:ssKpbdrHYrMue8q7QPX+5xtekEdi8/dgt3Syz+nzQIceCRlCK:TKpbdrHYrMue8q7QPX+5xtFEdi8/dgtb

Score
10/10
discovery

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://drvishalchestclinic.com/wp-includes/SqqCZQ6y2uyFF/
xlm40.dropper

http://funestotal.com/5aclo1em/21U/
xlm40.dropper

http://g-wizcomputers.com/party/61W0ovBu86/
xlm40.dropper

http://primefind.com/1mall-uk/h5/
xlm40.dropper

http://la-csi.com/mt-admin/BB7/
xlm40.dropper

https://pancook.com/newsite/H6xxeLefX1I2vgJFM1Y/

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\ca828200b8e5b740b9f2a497954fbcdd8f6d0287c875eb670bed508c29f7374a.xls
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2364-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2364-1-0x000000007226D000-0x0000000072278000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2364-3-0x000000007226D000-0x0000000072278000-memory.dmp

    Filesize

    44KB

    Download