Overview

overview

10

Static

static

10

f74b0b76d3...4.xlsm

windows7-x64

10

f74b0b76d3...4.xlsm

windows10-2004-x64

10

Analysis

  • max time kernel
    128s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2024, 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f74b0b76d3ff62dffef104124548f669dfeb0e83898286d3f026e0563a17c554.xlsm

  • Size

    91KB

  • MD5

    cf7ccabc9c093034b810ede876af9384

  • SHA1

    47fac97941c070e95db6e25d38bcae4634ab3fce

  • SHA256

    f74b0b76d3ff62dffef104124548f669dfeb0e83898286d3f026e0563a17c554

  • SHA512

    54418ac7f590caa1a25ab956bf588ce7feeae80eb0a253e5e19686397b9f4ea2d9e4452a000ae6303c09285fcd9223a0f9233b14db121c4f5fb86142b37f9acb

  • SSDEEP

    1536:xNrCX2N5nyV+ns1BVi/IEh2hx0Lx3bKhllGGx0vKCEjdQjqEk+xX0sw:x142byVEoBo6hKb4llGsQjbxBw

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://themillionairesweb.com/wp-admin/MD/
xlm40.dropper

https://akhrailway.com/cgi-bin/b5c9CX4IK2GgN6C/
xlm40.dropper

https://cmbavocat.fr/wp-admin/uKCcU1bqvbSvE/
xlm40.dropper

http://idvlab.com.br/wp-admin/FIWBL/
xlm40.dropper

https://institutionsevigne.org/wp-includes/pvDqUHqjYEqoQ6R/

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\f74b0b76d3ff62dffef104124548f669dfeb0e83898286d3f026e0563a17c554.xlsm"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3208

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
    Filesize

    683B

    MD5

    93a3e3d47a892f157e0cbd446a764e71

    SHA1

    100691aa92ab0a9c5bca32cd15928ca1d51dc724

    SHA256

    3f269907e596f6c176b3645e22765ec29bc0518362e6a17925a4794437ab4de8

    SHA512

    331b7670969bcc3c153bc145e927dfb2ee65bbfdbab33985bd14d1d6c52b264a4c3c510b077ab37587e9679a337248f06b870bb06b44add3561351dcad3974a3

    Download Submit

  • memory/3208-13-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-6-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-3-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-4-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-5-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-7-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-0-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-8-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-10-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-9-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-2-0x00007FFBD9070000-0x00007FFBD9080000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-12-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-16-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-17-0x00007FFBD6710000-0x00007FFBD6720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-19-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-18-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-15-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-14-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-11-0x00007FFBD6710000-0x00007FFBD6720000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3208-37-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-38-0x00007FFC1908D000-0x00007FFC1908E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3208-39-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-43-0x00007FFC18FF0000-0x00007FFC191E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3208-1-0x00007FFC1908D000-0x00007FFC1908E000-memory.dmp

    Filesize

    4KB

    Download