Overview

overview

3

Static

static

1

9511b4e366...c2.xls

windows7-x64

3

9511b4e366...c2.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-10-2024 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9511b4e366295c44867d8eee1689b3f4c56e07e11e8252f9ec56acee0b16d2c2.xls

  • Size

    632KB

  • MD5

    c1d8b9d7970edfa3503368ba49593d09

  • SHA1

    4a13990f08f0b1e93161bd951a58fe0ed9f2e2ca

  • SHA256

    9511b4e366295c44867d8eee1689b3f4c56e07e11e8252f9ec56acee0b16d2c2

  • SHA512

    9c55b8277234321c80c5fad77051cbf484c513201a3aa7f95b841014a60d941dc8f08b7c2187246d1fc1fba87fc77b948b192dd0c214e5ba9c2574f2e5352a04

  • SSDEEP

    12288:8WOqcv4hcMe1o6rScV41lSjGLTL6FqST4aTFbLk9WCA:IqcwhchvSA4eKfLUvpk9Wf

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\9511b4e366295c44867d8eee1689b3f4c56e07e11e8252f9ec56acee0b16d2c2.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
    Filesize

    1KB

    MD5

    3e1f1b8873a08d374e7dc83d438f987d

    SHA1

    996b6e71eb47b3396ad6a96f70e44ea3f9a0d69e

    SHA256

    471ec8c8c4b3c54a54c029b49073be617a5608eaf9ef1001d7c7e0b51acddf8c

    SHA512

    49f69897907f82380ca45333af3623a1e606d21b03d90960caf540fc4ab5eba32d381cc418bec9803ee0aac61dd12644fe5a6e3c428000d7f631c8e1134a07a2

    Download Submit

  • memory/2804-16-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-1-0x00007FFA860B0000-0x00007FFA860C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-12-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-6-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-4-0x00007FFA860B0000-0x00007FFA860C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-5-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-7-0x00007FFA860B0000-0x00007FFA860C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-11-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-3-0x00007FFAC60CD000-0x00007FFAC60CE000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2804-0-0x00007FFA860B0000-0x00007FFA860C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-14-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-15-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-13-0x00007FFA83930000-0x00007FFA83940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-10-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-9-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-8-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-17-0x00007FFA83930000-0x00007FFA83940000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2804-35-0x00007FFAC6030000-0x00007FFAC6225000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2804-2-0x00007FFA860B0000-0x00007FFA860C0000-memory.dmp

    Filesize

    64KB

    Download