Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
20/11/2024, 05:39
General
-
Target
83d9735e5375906cbb6adf6e1ac9e2992700fe59b99887c6f2ce65d9a85088f4.xlsm
-
Size
46KB
-
MD5
7a9b502cb0f41702c1f4aca85a3beabc
-
SHA1
921b7b1be28e4beec725f6a824460ea3fc5f58d5
-
SHA256
83d9735e5375906cbb6adf6e1ac9e2992700fe59b99887c6f2ce65d9a85088f4
-
SHA512
1f6a26e8a28db4969eed98546f233038e4be9e26ecf5214b19fdd4da91cb7d4da6ae7cc8cfc072d6324b61c70097a6b261e03c8f29582aa9e2c99c62c0145505
-
SSDEEP
768:H1m2o0pOODOevZCwrvtTzdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0Vf1V5f+:H1HoadD3tT5fTR4Lh1NisFYBc3cr+Uqu
Malware Config
Extracted
http://rosywhitecleaningsolution.com/wp-admin/PqMw6fND8Bb1I4VPR10/
http://havilaholuemglobal.com/dofz29/ymIfCcEL8I5kjA6E/
http://www.floresguitarinstruction.com/wp-admin/jWlCX/
http://www.drcc.co.za/restoredcontent/nAKvnbRpazx7c/
http://aopda.org/wp-content/uploads/RDL75PME7OKHk4f/
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\83d9735e5375906cbb6adf6e1ac9e2992700fe59b99887c6f2ce65d9a85088f4.xlsm1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWow64\regsvr32.exeC:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx2⤵
- Process spawned unexpected child process
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD538a18e53e37b9f04763fbdc49fc90f79
SHA1a2e488eb1019ab65f9da37b098d790a3f569b15b
SHA256e0a380f1d0f2b657be3da3dcdba5534a6000a3eccf041a2156a1d0e6b6fcf485
SHA5129c089c1e41ff6a0bae4cb87f8f84470398b8185e733de8a38e220f09cfcf57a63241909480d16a3de8399a6a8c8fc6f201fbf8144f5494f4968da4ee30bfba5d
-
Filesize
64KB
-
Filesize
44KB
-
Filesize
44KB