Analysis
- max time kernel: 103s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 16/06/2022, 09:47
Static task: static1

Behavioral task: behavioral1
- Sample: ORDER N3819.xlsx
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: ORDER N3819.xlsx
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: ORDER N3819.xlsx
- Size: 255KB
- MD5: cdfa41a744ed703285b377268108a2af
- SHA1: 316f7c7129ca29c19d4227c78480bff784de29a3
- SHA256: ee473a7accd124448fb8eccd49328baa2cf597ea14d9d1b7a1dac80fc53057ad
- SHA512: 93013216c4069348e279206b94f80e9826079ec1409cdd497aeb81e604935ba94398a400c779396034de4c5f3be5d10ada8c27c54edaa46e219357aa2d22c38f

Score: 1/10
Malware Config
Signatures

- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.

  | description | ioc | Process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  | description | ioc | Process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |

- Suspicious behavior: AddClipboardFormatListener (1 IoCs)

  | pid | Process |
  | --- | --- |
  | 4528 | EXCEL.EXE |

- Suspicious use of SetWindowsHookEx (12 IoCs)

  | pid | Process |
  | --- | --- |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
  | 4528 | EXCEL.EXE |
Processes

- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ORDER N3819.xlsx"
  PID: 4528
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx