Analysis
-
max time kernel
139s -
max time network
134s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
14-07-2020 06:44
Static task
static1
Behavioral task
behavioral1
Sample
ef096dacf716f9b86096118b769142415c22e921ea7be3cb65e146a24bf64636.xls
Resource
win7
Behavioral task
behavioral2
Sample
ef096dacf716f9b86096118b769142415c22e921ea7be3cb65e146a24bf64636.xls
Resource
win10v200430
General
-
Target
ef096dacf716f9b86096118b769142415c22e921ea7be3cb65e146a24bf64636.xls
-
Size
186KB
-
MD5
e0fd5f9ffbc9eba002dbbc16823a3c18
-
SHA1
38903ad45f9611dba7d355432c3847ce8a1d2ae9
-
SHA256
ef096dacf716f9b86096118b769142415c22e921ea7be3cb65e146a24bf64636
-
SHA512
83f240517c10d52d7ce55e53150d82cf235407b2b36900d86c4b57d001f12af32f7523cb38815e3b04edbd627a6b417a0aad93017c504745f54ddbbf63949eb7
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious use of SetWindowsHookEx 13 IoCs
Processes:
EXCEL.EXEpid process 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE 2416 EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 2416 EXCEL.EXE -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ef096dacf716f9b86096118b769142415c22e921ea7be3cb65e146a24bf64636.xls"1⤵
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
PID:2416