ba3c7a930968407429cc8e33aa79f4033e1cf2d1597973b6d6cd31b9382cef37

Analysis

max time kernel
139s
max time network
138s
platform
windows10_x64
resource
win10v200430
submitted
08-07-2020 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

httpbiz9holdings.comINVOICEM.xlsx
Size

14KB
MD5

e46baf854751a3373f7c3e2b29795c4b
SHA1

9ab7b5e8212077d63e4e3bba9e11723642ac2d13
SHA256

ba3c7a930968407429cc8e33aa79f4033e1cf2d1597973b6d6cd31b9382cef37
SHA512

a0401ae1b513ff4ccb314bebc77c682c4543a057609d8a724a6161625565de6687e4c04a1d0062684c5ed02a92cfac95960aef872aee900a07f06d4f8cf8828c

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE
992	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

992 EXCEL.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\httpbiz9holdings.comINVOICEM.xlsx"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry
PID:992

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads