Analysis
- max time kernel: 137s
- max time network: 132s
- platform: windows10_x64
- resource: win10v200430
- submitted: 07-07-2020 18:01
Static task: static1
Behavioral task: behavioral1
- Sample: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls
- Resource: win7
Behavioral task: behavioral2
- Sample: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls
- Resource: win10v200430
General
- Target: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls
- Size: 189KB
- MD5: 4fda007a1779631ae14da954cb0b95d4
- SHA1: f335a6c4998871b9f7ca20e5e7f41878db0f2b3f
- SHA256: 4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f
- SHA512: 7d907f5ddc72823e5dea5fbd393ec6002fc1b2bc858cc5017c0984de4c6a504407ce942ed854deff02cec41871cfefb4475337c65b8a4993a9c52364a5d77f46
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (13 IoCs)
  Processes: EXCEL.EXE

  | pid | process |
  | --- | --- |
  | 640 | EXCEL.EXE |

  The same entry is listed 13 times.

- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: EXCEL.EXE

  | pid | process |
  | --- | --- |
  | 640 | EXCEL.EXE |

- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: EXCEL.EXE

  | description | ioc | process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: EXCEL.EXE

  | description | ioc | process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |

Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4989a6b8805fbd75b9d414c956751e4bea044ca394e36fda46b7dd472d55f28f.xls"
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: AddClipboardFormatListener
  - Checks processor information in registry
  - Enumerates system info in registry
  PID: 640