Bank Details.xlsx

General
Target

Bank Details.xlsx

Filesize

327KB

Completed

14-10-2021 05:38

Score
1 /10
MD5

1cdbd552294df147d59c7098ce40584d

SHA1

665ce5496ea7db7e44c01f6b6f448765d75e989f

SHA256

c19f592d9185040912a2901fdd4910ff4ebfd6c6b6ac3b41a1153d93828b1841

Malware Config
Signatures 4

Filter: none

Discovery
  • Checks processor information in registry
    EXCEL.EXE

    Description

    Processor information is often read in order to detect sandboxing environments.

    TTPs

    Query RegistrySystem Information Discovery

    Reported IOCs

    descriptioniocprocess
    Key opened\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0EXCEL.EXE
    Key value queried\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHzEXCEL.EXE
    Key value queried\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameStringEXCEL.EXE
  • Enumerates system info in registry
    EXCEL.EXE

    TTPs

    Query RegistrySystem Information Discovery

    Reported IOCs

    descriptioniocprocess
    Key value queried\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKUEXCEL.EXE
    Key opened\REGISTRY\MACHINE\Hardware\Description\System\BIOSEXCEL.EXE
    Key value queried\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamilyEXCEL.EXE
  • Suspicious behavior: AddClipboardFormatListener
    EXCEL.EXE

    Reported IOCs

    pidprocess
    776EXCEL.EXE
  • Suspicious use of SetWindowsHookEx
    EXCEL.EXE

    Reported IOCs

    pidprocess
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
    776EXCEL.EXE
Processes 1
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Bank Details.xlsx"
    Checks processor information in registry
    Enumerates system info in registry
    Suspicious behavior: AddClipboardFormatListener
    Suspicious use of SetWindowsHookEx
    PID:776
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Replay Monitor
                        00:00 00:00
                        Downloads
                        • memory/776-114-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

                        • memory/776-115-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

                        • memory/776-116-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

                        • memory/776-117-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

                        • memory/776-118-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-119-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-120-0x00007FFDD78A0000-0x00007FFDD78B0000-memory.dmp

                        • memory/776-121-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-129-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-131-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-130-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-132-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-133-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-134-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-136-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-137-0x00000121603D0000-0x00000121603D2000-memory.dmp

                        • memory/776-138-0x00000121603D0000-0x00000121603D2000-memory.dmp