Analysis
- max time kernel: 169s
- max time network: 177s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 16/06/2022, 09:40
Static task
- static1
Behavioral tasks
- behavioral1: Sample: New Vendor Reg.exe, Resource: win7-20220414-en
- behavioral2: Sample: New Vendor Reg.exe, Resource: win10v2004-20220414-en
- behavioral3: Sample: QvtGA0YrRh9C60LAueGxzeA==?=.xlsx, Resource: win7-20220414-en
- behavioral4: Sample: QvtGA0YrRh9C60LAueGxzeA==?=.xlsx, Resource: win10v2004-20220414-en
General
- Target: QvtGA0YrRh9C60LAueGxzeA==?=.xlsx
- Size: 10KB
- MD5: 61822d2d7da9613771ffc5fcb76d467d
- SHA1: d4681e9afd2c843b7828ff715995c0768ef4ef4c
- SHA256: a3179c79c2e79c41ff4a3ae307c65e1b50780235661a238afcba75365bb9ce5f
- SHA512: 72e8ffb8a584550430e78e49aa4ed0ecd41bfc2933d787fc945a839c884d92885ce3d8b3dcff0b45a809316ed71d6189bc85a920956c033bcb941e32de635a92
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid | Process
  2260 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (15 IoCs)
  pid | Process
  2260 | EXCEL.EXE (listed 15 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\QvtGA0YrRh9C60LAueGxzeA==_=.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 2260