Resubmissions
13/08/2021, 09:28  210813-fnjyawq6ws  10
13/08/2021, 09:23  210813-swdjcyat5e  10
13/08/2021, 07:05  210813-4dy26bbdfe  10
03/08/2021, 07:47  210803-jrlp4kfgt2  10

Analysis
max time kernel: 13s
max time network: 13s
platform: windows10_x64
resource: win10v20210408
submitted: 03/08/2021, 07:47

Static task: static1

Behavioral task: behavioral1
Sample: InvoiceNo_8041766.ppt
Resource: win7v20210410
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: InvoiceNo_8041766.ppt
Resource: win10v20210408
0 signatures, 0 seconds
General
Target: InvoiceNo_8041766.ppt
Size: 82KB
MD5: c27b99ba1c1e0e88a8362fd5b9193499
SHA1: 4aa04165daad8a8827d39067b117c2a81399f87d
SHA256: c9eef29af749ee4e022d0852bfec6b85a382cb50d0dfcab2eeed1a89499fde48
SHA512: 8c7c17959905a83b503d5a1892a9950399ae6d1f0b4859a4b2cfaf0c0bb176cebf64d9992b93d5b32d8aca95dff13821303ad5d234109f65de4ac03fdc80a892
Score: 1/10
Malware Config

Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | POWERPNT.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | POWERPNT.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | POWERPNT.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | POWERPNT.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | POWERPNT.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | POWERPNT.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
632 | POWERPNT.EXE

Suspicious use of SetWindowsHookEx (1 IoC)
pid | Process
632 | POWERPNT.EXE
Processes

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\InvoiceNo_8041766.ppt" /ou ""
PID: 632
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx