c19f592d9185040912a2901fdd4910ff4ebfd6c6b6ac3b41a1153d93828b1841

General

Target

Bank Details.xlsx
Size

327KB
MD5

1cdbd552294df147d59c7098ce40584d
SHA1

665ce5496ea7db7e44c01f6b6f448765d75e989f
SHA256

c19f592d9185040912a2901fdd4910ff4ebfd6c6b6ac3b41a1153d93828b1841
SHA512

ce4546f66e9c718ec270d2798add97581127d06232b424f74e1ef17e4b6af2c98c14092d4d2e5ee4fa31bbccfb1b1c57ae90ed5c26aca276b68b2d473feca877

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

776 EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE
776	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Bank Details.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-114-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

Filesize
64KB

Download
memory/776-115-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

Filesize
64KB

Download
memory/776-116-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

Filesize
64KB

Download
memory/776-117-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

Filesize
64KB

Download
memory/776-118-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-119-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-120-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

Filesize
64KB

Download
memory/776-121-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-129-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-131-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-130-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-132-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-133-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-134-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-136-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-137-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download
memory/776-138-0x00000121603D0000-0x00000121603D2000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads