Overview

overview

10

Static

static

10

a9bbd2d141...d.xlsm

windows7-x64

10

a9bbd2d141...d.xlsm

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a9bbd2d141f9304bfed6ea56b7ff30c1ef88ccb8a35acfc5c7b6946dbcb1b2dd.xlsm

  • Size

    95KB

  • MD5

    077674fafdc8c99ab24a5e9aafd2bb7a

  • SHA1

    79cc94753d406001b18fa938014b217816477312

  • SHA256

    a9bbd2d141f9304bfed6ea56b7ff30c1ef88ccb8a35acfc5c7b6946dbcb1b2dd

  • SHA512

    0516c198cd037243726832370c718915c233e57c0544707de53e921720305350b9bb3d6d577dde24e3d0d953496a5e985a59e3409c873d82dfc3fe3fcf707db5

  • SSDEEP

    1536:8QxfGWXG8v5MB5Dg8cVoioFh+fYFl69oXiZ5bcvJlqGiwIWx1BcVXzAyVFfw:82318DsVhonV69o2bchgGaWBcpA+fw

Score
10/10
discovery

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://ashirvadgroup.com/wp-admin/LtoH5AWneDBZIV2D/
xlm40.dropper

https://patriciamirapsicologa.com/wp-includes/fVVa9DXB/
xlm40.dropper

https://forfreeiptv.com/wp-admin/s5Oxoskqv8/

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\a9bbd2d141f9304bfed6ea56b7ff30c1ef88ccb8a35acfc5c7b6946dbcb1b2dd.xlsm
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\SysWow64\regsvr32.exe
      C:\Windows\SysWow64\regsvr32.exe /s ..\dw1.ocx
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\dw1.ocx
    Filesize

    497B

    MD5

    1fcd9d5c78e92c9162a0137e16fc789d

    SHA1

    ae52e26fb3a0925d4e89daae97273f9f9a8bc514

    SHA256

    46a3d39e795525ab4fef4708d776bfd76bb72fbdc706362b3d5116c96189554b

    SHA512

    1bce8e389035f4a32766f55b089a216f7268ee469c92862ecc9989f757e03c6e1fc12e1968546885257ca35bcf1bb2087605bff28adfdb4e901e86cf6ec4bcc1

    Download Submit

  • memory/2468-1-0x0000000071E2D000-0x0000000071E38000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2468-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2468-26-0x0000000071E2D000-0x0000000071E38000-memory.dmp

    Filesize

    44KB

    Download