Analysis
-
max time kernel
137s -
max time network
150s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
08/07/2020, 14:15
General
-
Target
31PN.xls
-
Size
123KB
-
MD5
94a48c8430c69baca1ee704a1306d75d
-
SHA1
f581dc1ce5e90a0ddb7b039362585a35a701572c
-
SHA256
2b2b5c46d214c78f79d5f82b6bcd61ecf6fc2a89c47a976d0522bb8741de826a
-
SHA512
6c56b7c3c8a692a97ae04a83c94143717e32f3b6be7306c4d402742d7a10742715b7b149d8fb28794b32e45a7f92c9f79617b0363a4725da140335fecd448f79
Score
7/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\31PN.xls"1⤵
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Loads dropped DLL
- Checks processor information in registry