Analysis
max time kernel: 135s
max time network: 126s
platform: windows10_x64
resource: win10
submitted: 09-07-2020 04:22
Static task: static1

Behavioral task: behavioral1
Sample: Purchase Order 24432 .xlsx
Resource: win7v200430, windows7_x64
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Purchase Order 24432 .xlsx
Resource: win10, windows10_x64
0 signatures, 0 seconds
General
Target: Purchase Order 24432 .xlsx
Size: 14KB
MD5: d31859fb69340e3d8aee9d8bc98dfed5
SHA1: 6b31e11e8c43a222bd07cd79273d9013b2137001
SHA256: 59f1f955f073e2a326d914a15fff168d9c304795270b26bdfb5e1d68d1f96742
SHA512: 94ac7f4d94f7c78d1e4a3a16f90d251bd7a815949039294b340375b0da5d2515444dc97e2319dbe6849267ee77f73470ff960db599ad6dae67c80e8e84052f00
Score: 1/10
Malware Config
Signatures

Suspicious use of SetWindowsHookEx: 12 IoCs
  pid   Process
  2976  EXCEL.EXE  (entry repeated 12 times)

Suspicious behavior: AddClipboardFormatListener: 1 IoCs
  pid   Process
  2976  EXCEL.EXE

Checks processor information in registry: 2 TTPs, 3 IoCs
Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                                      Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                         EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                    EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString     EXCEL.EXE

Enumerates system info in registry: 2 TTPs, 3 IoCs
  description        ioc                                                                 Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                  EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily     EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU        EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Purchase Order 24432 .xlsx"
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry
PID:2976