Analysis
-
max time kernel
108s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220112 -
submitted
23-02-2022 07:33
Static task
static1
Behavioral task
behavioral1
Sample
Envio de documento_DHL 22_02_2022.xlsx
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
Envio de documento_DHL 22_02_2022.xlsx
Resource
win10v2004-en-20220112
General
-
Target
Envio de documento_DHL 22_02_2022.xlsx
-
Size
186KB
-
MD5
05f91845566d3742dc8fb9443ede69f0
-
SHA1
1d8a64bab1040ca7fd0a36fa40a4869038d54c7f
-
SHA256
fb624084468d7c727ce92a9257781be69dac3cb13ba42bce978b56a7466aafc3
-
SHA512
03f3c22ca3fe18566697cc26e54fe46236fa0210b4a50235e1fa18a2710d78183240551995c3d58636dabe488d7aedde389a7d0216bba3f822daaa9d53412d60
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 3780 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
Processes:
EXCEL.EXEpid process 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE 3780 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Envio de documento_DHL 22_02_2022.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3780
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3780-130-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-131-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-132-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-133-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-134-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-135-0x00007FFB54A8D000-0x00007FFB54A8E000-memory.dmpFilesize
4KB
-
memory/3780-136-0x00007FFB54A90000-0x00007FFB54A91000-memory.dmpFilesize
4KB
-
memory/3780-182-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-183-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-184-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB
-
memory/3780-185-0x00007FFB14A70000-0x00007FFB14A80000-memory.dmpFilesize
64KB