Overview

overview

10

Static

static

8

中国南�...��.xls

windows7-x64

10

中国南�...��.xls

windows10-2004-x64

10

中国南�...��.xls

windows7-x64

3

中国南�...��.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2024 01:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    中国南方电网有限责任公司总部2012年一级物资集中招标35千伏及以上交流项�.xls

  • Size

    8KB

  • MD5

    c3b2ec97cbfac33d0f966c8d504f6a81

  • SHA1

    96186ea73e4554e674e7cf1f74fa8810fcde7a2a

  • SHA256

    b3dd6e6b72ae0cee51e1f25349b8a4e805fcbe468f017724d0b67d0ffae49e80

  • SHA512

    931ad2edaaad7e796ab60b9f6b614f34b9d9c484db565dfcb53903f2200d8dac070cfdbe583a43830f24e918eac2aa11fd71c41556d296130e8ac652670586d9

  • SSDEEP

    96:/o68k43AgdLSUX2dIEH8R+IiMUNb9ZcNgYYLCPYycrNEcpw8wZ2a79xdyHIq:/o68k43AgdLSUX0MiMR2PLL1f

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\中国南方电网有限责任公司总部2012年一级物资集中招标35千伏及以上交流项�.xls"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4188

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
    Filesize

    1KB

    MD5

    eb0b3b0927e4bf5e01a23184b258d14a

    SHA1

    06cf24b61778b6bc5f7a080b1db5f0e23e856b18

    SHA256

    943bcffd1c7f9ccd6a54f998cf580cc9f2ee2b9488898b6ba76454e30f4b4ca1

    SHA512

    558010baa56a69c27c91a79b83781568f766fa6d3e85120ba312b1c3b96a28e537223614d3e58fcc57e00540f20488efd4b9604f67a31b0c8bc3a27518ca5b27

    Download Submit

  • memory/4188-14-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-31-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-2-0x00007FFA68A70000-0x00007FFA68A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-4-0x00007FFA68A70000-0x00007FFA68A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-8-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-7-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-6-0x00007FFA68A70000-0x00007FFA68A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-5-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-11-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-13-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-1-0x00007FFAA8A8D000-0x00007FFAA8A8E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4188-3-0x00007FFA68A70000-0x00007FFA68A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-17-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-16-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-15-0x00007FFA668B0000-0x00007FFA668C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-12-0x00007FFA668B0000-0x00007FFA668C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-19-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-18-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-9-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-29-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-30-0x00007FFAA8A8D000-0x00007FFAA8A8E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4188-0-0x00007FFA68A70000-0x00007FFA68A80000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4188-35-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4188-10-0x00007FFAA89F0000-0x00007FFAA8BE5000-memory.dmp

    Filesize

    2.0MB

    Download