Overview

overview

10

Static

static

3

19979.exe

windows7-x64

10

19979.exe

windows10-2004-x64

10

Factura_855.pdf.exe

windows7-x64

10

Factura_855.pdf.exe

windows10-2004-x64

7

qfmjhb.exe

windows7-x64

3

qfmjhb.exe

windows10-2004-x64

3

Fattura_855.pdf.exe

windows7-x64

10

Fattura_855.pdf.exe

windows10-2004-x64

7

gocbcx.exe

windows7-x64

3

gocbcx.exe

windows10-2004-x64

3

IoC/MIL000...0.xlsm

windows7-x64

3

IoC/MIL000...0.xlsm

windows10-2004-x64

1

IoC/PO.xlsx

windows7-x64

8

IoC/PO.xlsx

windows10-2004-x64

1

PO_2022-04-33981.exe

windows7-x64

3

PO_2022-04-33981.exe

windows10-2004-x64

10

IoC/Pagamento.xlsx

windows7-x64

8

IoC/Pagamento.xlsx

windows10-2004-x64

1

IoC/SHIPPI...TS.rtf

windows7-x64

8

IoC/SHIPPI...TS.rtf

windows10-2004-x64

3

SMK_29082022.exe

windows7-x64

10

SMK_29082022.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 20:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IoC/PO.xlsx

  • Size

    673KB

  • MD5

    916e97845046785cd1cecd13eb9066cb

  • SHA1

    10482433036f11039984f19c754bb75118fee761

  • SHA256

    4746681c92d6308c66e76d7ffc022d7fd91b91e364c3909875555dc13c13f28f

  • SHA512

    9e9b992540e71970b3f64195e34bcbb4447f2dee690aea11a8ae4636a69e9ad16c27f43a927b5cd8b1178b9201dd460569882ee7ddf192fdb45cc3edcc8e38be

  • SSDEEP

    12288:4HukDNlkQ4jffozcmljqcp25wqI/FMhVRCByJb0vpFP2srFVc7B2YCeNtRi5:Kv4j7TWQwqwF4IFb/c7BaUi5

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\IoC\PO.xlsx"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-0-0x00007FFD784F0000-0x00007FFD78500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-1-0x00007FFDB850D000-0x00007FFDB850E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-3-0x00007FFD784F0000-0x00007FFD78500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-4-0x00007FFD784F0000-0x00007FFD78500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-2-0x00007FFD784F0000-0x00007FFD78500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-8-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-7-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-9-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-10-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-11-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-12-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-15-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-14-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-13-0x00007FFD76230000-0x00007FFD76240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-6-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-16-0x00007FFD76230000-0x00007FFD76240000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-5-0x00007FFD784F0000-0x00007FFD78500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2124-34-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2124-35-0x00007FFDB850D000-0x00007FFDB850E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2124-36-0x00007FFDB8470000-0x00007FFDB8665000-memory.dmp

    Filesize

    2.0MB

    Download