Analysis
- max time kernel: 150s
- max time network: 139s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 04:10
Static task
- static1
Behavioral task
- behavioral1
  Sample: swiftcopy.xlsm
  Resource: win7-20220414-en (windows7_x64)
  0 signatures, 0 seconds
Behavioral task
- behavioral2
  Sample: swiftcopy.xlsm
  Resource: win10v2004-20220414-en (windows10-2004_x64)
  0 signatures, 0 seconds
General
- Target: swiftcopy.xlsm
- Size: 399KB
- MD5: 702b1e2d4b0af04d195bb35cd07596ed
- SHA1: 12fcaeeedfe9814114d4a7bdb779ab6b6cdf1b17
- SHA256: 0fb26f19e30fbd8a79fb1a97c515e8dffe912fb53ed8b580f8d052d7fe3570df
- SHA512: f739c7b6c082e5249d3f331135c57cd8728463c393da0412ce9d381af087b185016e648f91e43dc26e18eb2f615799ce0a7ce0910d752ca189bd10cdb85f313e
Score
1/10
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: EXCEL.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: EXCEL.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: EXCEL.EXE
  pid | process
  3112 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (17 IoCs)
  Processes: EXCEL.EXE
  pid | process
  3112 | EXCEL.EXE (the same entry is listed 17 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\swiftcopy.xlsm"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads