Analysis
-
max time kernel
106s -
max time network
132s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
14-10-2021 05:36
Static task
static1
Behavioral task
behavioral1
Sample
Bank Details.xlsx
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Bank Details.xlsx
Resource
win10v20210408
windows10_x64
0 signatures
0 seconds
General
-
Target
Bank Details.xlsx
-
Size
327KB
-
MD5
1cdbd552294df147d59c7098ce40584d
-
SHA1
665ce5496ea7db7e44c01f6b6f448765d75e989f
-
SHA256
c19f592d9185040912a2901fdd4910ff4ebfd6c6b6ac3b41a1153d93828b1841
-
SHA512
ce4546f66e9c718ec270d2798add97581127d06232b424f74e1ef17e4b6af2c98c14092d4d2e5ee4fa31bbccfb1b1c57ae90ed5c26aca276b68b2d473feca877
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 776 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
Processes:
EXCEL.EXEpid process 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE 776 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Bank Details.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/776-114-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmpFilesize
64KB
-
memory/776-115-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmpFilesize
64KB
-
memory/776-116-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmpFilesize
64KB
-
memory/776-117-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmpFilesize
64KB
-
memory/776-118-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-119-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-120-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmpFilesize
64KB
-
memory/776-121-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-129-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-131-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-130-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-132-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-133-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-134-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-136-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-137-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB
-
memory/776-138-0x00000121603D0000-0x00000121603D2000-memory.dmpFilesize
8KB