f7b2408f51af51c7a3af135ace0622c7e42fc7e646af310aae3608b2e89a77ca

Analysis

max time kernel
0s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7b2408f51af51c7a3af135ace0622c7e42fc7e646af310aae3608b2e89a77ca.xlsm
Size

51KB
MD5

6ef1d7efa935a288e05c08bf10bf45c0
SHA1

d22b54f0d257571d2f66dad26d987a1625a8ef64
SHA256

f7b2408f51af51c7a3af135ace0622c7e42fc7e646af310aae3608b2e89a77ca
SHA512

6997a746aba91e51b02e117c75ac874dc74c7684e992e0b1696b0e3d8ae3c5bd7ad466ba1da50fbbf4425baa24e3354dcbe9dcb297523548c5ec76982901f059
SSDEEP

768:aICkZNRvmHvnQvlSQHAamYDSmPq9A3Bj9DLC+9uSEcmQThnuG3KC0VfVhC:aItBvGvQ8ncDSmSIBlGeuSEcm2h0HVfm

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	1216	2016	regsvr32.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2016	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\f7b2408f51af51c7a3af135ace0622c7e42fc7e646af310aae3608b2e89a77ca.xlsm"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2016
- C:\Windows\SysWow64\regsvr32.exe
  C:\Windows\SysWow64\regsvr32.exe -s ..\wn.ocx
  2⤵
  - Process spawned unexpected child process
  PID:1216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\wn.ocx

Filesize
23KB

MD5
4ed8ca5542b641fddd200acebadf4e3c

SHA1
41fd7fb6cb84805fbc229cbf13620f80a5008003

SHA256
3f03ee986c82c3be72da6272448f92d97426f53e07079334edeb502f6386cc33

SHA512
866719609b7200cdd4d97b6a83d7fb6424d3900b555e23d2db8744539b1ae204c0da0a5e595c676ee4cad7df3f743aad1e746c750cd30afe3a74d89bf188979a

Download Submit
memory/2016-11-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-9-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-18-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-21-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-22-0x00007FFFB5E60000-0x00007FFFB5E70000-memory.dmp

Filesize
64KB

Download
memory/2016-20-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-19-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-17-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-16-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-14-0x00007FFFB5E60000-0x00007FFFB5E70000-memory.dmp

Filesize
64KB

Download
memory/2016-12-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-3-0x00007FFFB8710000-0x00007FFFB8720000-memory.dmp

Filesize
64KB

Download
memory/2016-15-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-10-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-4-0x00007FFFB8710000-0x00007FFFB8720000-memory.dmp

Filesize
64KB

Download
memory/2016-7-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-6-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-5-0x00007FFFB8710000-0x00007FFFB8720000-memory.dmp

Filesize
64KB

Download
memory/2016-8-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-2-0x00007FFFB8710000-0x00007FFFB8720000-memory.dmp

Filesize
64KB

Download
memory/2016-1-0x00007FFFB8710000-0x00007FFFB8720000-memory.dmp

Filesize
64KB

Download
memory/2016-0-0x00007FFFF872D000-0x00007FFFF872E000-memory.dmp

Filesize
4KB

Download
memory/2016-13-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-47-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download
memory/2016-46-0x00007FFFF872D000-0x00007FFFF872E000-memory.dmp

Filesize
4KB

Download
memory/2016-48-0x00007FFFF8690000-0x00007FFFF8885000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads