Analysis
- max time kernel: 98s
- max time network: 131s
- platform: windows10_x64
- resource: win10-en-20210920
- submitted: 21-10-2021 09:48
Behavioral task
behavioral1
Sample
Invoice.6794.xlsb
Resource
win7-en-20211014
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Invoice.6794.xlsb
Resource
win10-en-20210920
windows10_x64
0 signatures
0 seconds
General
-
Target
Invoice.6794.xlsb
-
Size
162KB
-
MD5
8b5146fe001072bc9b54d76e9f9212c4
-
SHA1
b795d16f7558ff93e44ab50d65d7f83f604ef8c8
-
SHA256
b122229c18c917bd09c8ec02ff56df02a781b588ed98a2ffb0bfcfc8315fcc04
-
SHA512
83c04aadcd2c19c2a00bd7ee569b57e85be9fce2e6ad33e700dd6473899481c0bef3d65a61be06564d280fbeceb9292c63169b08c80a13420e4f224828688d2e
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXE
pid | process
3736 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 14 IoCs
Processes:
EXCEL.EXE
pid | process
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
3736 | EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Invoice.6794.xlsb"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads