Analysis
-
max time kernel
164s -
max time network
249s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
13-10-2021 15:31
Behavioral task
behavioral1
Sample
Payment.CA4GY0.xlsb
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Payment.CA4GY0.xlsb
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
-
Target
Payment.CA4GY0.xlsb
-
Size
255KB
-
MD5
f233c90b2a5964be246baa4c5daded3f
-
SHA1
d1619666d51b483ac2736e2483ed35016ab98ad8
-
SHA256
885b0aad6a8cdc2d7c9f02d1f76374d8c345eb32a2ce04ecef7fbf65abb75791
-
SHA512
96cb099703e190755e523b32cf99929f39f79fc3bdae8409cfe7eda8db3c3abe29fbd1e32941117a3901b86ee3ebc133d5eb432ce0fdb9ba6abb56386414d829
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 996 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 14 IoCs
Processes:
EXCEL.EXEpid process 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE 996 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Payment.CA4GY0.xlsb"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/996-114-0x00007FF861870000-0x00007FF861880000-memory.dmpFilesize
64KB
-
memory/996-115-0x00007FF861870000-0x00007FF861880000-memory.dmpFilesize
64KB
-
memory/996-116-0x00007FF861870000-0x00007FF861880000-memory.dmpFilesize
64KB
-
memory/996-117-0x00007FF861870000-0x00007FF861880000-memory.dmpFilesize
64KB
-
memory/996-118-0x00007FF861870000-0x00007FF861880000-memory.dmpFilesize
64KB
-
memory/996-120-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-119-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-121-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-129-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-130-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-142-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-143-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-144-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-145-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-149-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-148-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-153-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-154-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB
-
memory/996-178-0x000001CEE3A70000-0x000001CEE3A72000-memory.dmpFilesize
8KB