Analysis
-
max time kernel
135s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
16/06/2022, 09:40
Static task
static1
Behavioral task
behavioral1
Sample
RFQ_ITEMS.xlsx
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
RFQ_ITEMS.xlsx
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
RFQ_ITEMS.xlsx
-
Size
714KB
-
MD5
392ad9f585c56d59ed7c38f0f1fd0248
-
SHA1
6612bc1b3efcd1768ab97295c939484d1de5a2e2
-
SHA256
b23af2441730b31e7c5c5e358eb4f2a52929d14546d4cdc3bb203060d069769a
-
SHA512
37404e0a915029a528099903b10ff7196712e4b7b16b972f06cb441b72fd728be739f8d39984d0f45d9e0d89d01f31d448d6475ffbfcfc4d58403613ce71cd2f
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2224 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE 2224 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\RFQ_ITEMS.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2224