Analysis
-
max time kernel
139s -
max time network
151s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
08-12-2020 15:09
Static task
static1
Behavioral task
behavioral1
Sample
Doc-7679.xls
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Doc-7679.xls
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
Doc-7679.xls
-
Size
31KB
-
MD5
e40c18535c48fdfe3b2e841d51c94038
-
SHA1
6e1e23e8891a8ecd8ee3d85bc77c281f4b6be63b
-
SHA256
d930f445a9053bfefd0cba7bf24b4ec7b267d5c498d4397d1bc694fcf0c68843
-
SHA512
ec1457b453beca0e7d543c2652f3b58b6a0f976abec2cb979f867518657a6a4248998febe37086d60dc3c193cb6a4e968bcd747c5541372dc0ed0f033e865bd7
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2604 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE 2604 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Doc-7679.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2604