Windows Analysis Report
Supplier Audit F7.4.1e Rev.xlsx

Overview

General Information

Sample name:	Supplier Audit F7.4.1e Rev.xlsx
Analysis ID:	1500123
MD5:	be05ca0309e6728031853679b3601a9b
SHA1:	c26adb5dd976851c3f4fa4da962bcc3525730d20
SHA256:	08142af579be18b46194c9710c5747ccdde6c6a4bb73e261c496ea0585223241
Infos:

Detection

Score:	4
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Excel Network Connections

Sigma detected: Suspicious Office Outbound Connections

Classification

Signatures

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49752 version: TLS 1.2

Potential document exploit detected (performs HTTP gets)

Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 192.168.2.4:49752 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49752
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 192.168.2.4:49753 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49753
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754
Source: global traffic	TCP traffic: 192.168.2.4:49754 -> 13.107.246.60:443
Source: global traffic	TCP traffic: 13.107.246.60:443 -> 192.168.2.4:49754

Source: excel.exe

Memory has grown: Private usage: 2MB later: 73MB

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 13.107.246.60 13.107.246.60

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: GET /rules/rule170012v12s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule63067v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule170022v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.0.dr

String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: clean4.winXLSX@3/3@0/1

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Supplier Audit F7.4.1e Rev.xlsx

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{7AE56342-BB04-429D-8C6F-57FB19ECFFF5} - OProcSessId.dat

Jump to behavior

Source: Supplier Audit F7.4.1e Rev.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Supplier Audit F7.4.1e Rev.xlsx

Initial sample: OLE zip file path = xl/calcChain.xml

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

Jump to behavior

Source: Supplier Audit F7.4.1e Rev.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\splwow64.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Windows\splwow64.exe

Window / User API: threadDelayed 965

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\splwow64.exe	Last function: Thread delayed
Source: C:\Windows\splwow64.exe	Last function: Thread delayed

Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior
Source: C:\Windows\splwow64.exe	Thread delayed: delay time: 120000			Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true

ID:	1500123
Product:	CloudBasic
Start time:	22:48:56
Start date:	27.08.2024
Sample:	Supplier Audit F7.4.1e Rev.xlsx
Cookbook:	defaultwindowsofficecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	be05ca0309e6728031853679b3601a9b
SHA1:	c26adb5dd976851c3f4fa4da962bcc3525730d20
SHA256:	08142af579be18b46194c9710c5747ccdde6c6a4bb73e261c496ea0585223241
Filetype:	Excel Microsoft Office Open XML Format document (40004/1) 83.33%

Name	Type	MD5	SHA1	SHA256
C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators	573220372DA4ED487441611079B623CD	8F9D967AC6EF34640F1F0845214FBC6994C0CB80	BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	data	15E26458F394795BADE64A662D881B73	780FF366D6EFF9157E601545059F197F012D3072	8C9FA960371E2D06D7D839339A179C5B187BAF6628136418201DC255FA5EEF18
C:\Users\user\Desktop\~$Supplier Audit F7.4.1e Rev.xlsx	data	9C7132B2A8CABF27097749F4D8447635	71D7F78718A7AFC3EAB22ED395321F6CBE2F9899	7029AE5479F0CD98D892F570A22B2AE8302747DCFF3465B2DE64D974AE815A83

Windows Analysis Report
Supplier Audit F7.4.1e Rev.xlsx

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report Supplier Audit F7.4.1e Rev.xlsx

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
Supplier Audit F7.4.1e Rev.xlsx