Analysis
- max time kernel: 133s
- max time network: 136s
- platform: windows10_x64
- resource: win10-en-20211208
- submitted: 13-01-2022 22:28
Behavioral task: behavioral1
- Sample: 096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37.xlsm
- Resource: win10-en-20211208
Behavioral task: behavioral2
- Sample: 096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37.xlsm
- Resource: win10-en-20211208
General
- Target: 096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37.xlsm
- Size: 83KB
- MD5: 5683076d4912043d209e4456df72457c
- SHA1: 2176256f3f12b3b3252334f58c656123a9d95178
- SHA256: 096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37
- SHA512: ecec970884e861525a48fec9d50cf2d159e4aa81c382dce7a1903201e427f7ff4e1f3a909268c39e95f43f9f01e62f6721987d17664929e34c3df3df2e5e29ba
Malware Config
Extracted
http://robotically.xyz/wp-content/XtKkx/
http://2.arthaloca.com/styles/dS5RNprosfCabLtYEwO/
https://notesculture.com/wp-includes/LuQtO3MiyJFFcF/
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.

  | description | ioc | Process |
  |---|---|---|
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  | description | ioc | Process |
  |---|---|---|
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |

- Suspicious behavior: AddClipboardFormatListener (1 IoCs)

  | pid | Process |
  |---|---|
  | 3224 | EXCEL.EXE |

- Suspicious use of SetWindowsHookEx (8 IoCs)

  | pid | Process |
  |---|---|
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
  | 3224 | EXCEL.EXE |
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\096504811c78492132ac12b84ad2a6ee435ac882bd0a59bed69a1b10775edf37.xlsm"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID: 3224