Analysis
- max time kernel: 156s
- max time network: 159s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 16/06/2022, 09:49
Static task: static1
Behavioral task: behavioral1
- Sample: ordine n.223737-3748.xlsx
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: ordine n.223737-3748.xlsx
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: ordine n.223737-3748.xlsx
- Size: 255KB
- MD5: 7a1d66b7ff2e9ac7fa6b971165ff4e36
- SHA1: 94ac522422a381a85649f705337e05aa517231ee
- SHA256: bb67823344c66355e808040a736b0cf9c4f1676429f6e643880a4f057ce0be00
- SHA512: d93defcbf8afc7a0fd7a512c043c22c0474296cfd17895f75a9215b9ba352dcee547a512372c1cdc04a5de2c7338fae83814f65c0ef2d327343ad3cad6f258a4
Score: 1/10
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
908 | EXCEL.EXE
- Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
908 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
908 | EXCEL.EXE
908 | EXCEL.EXE
908 | EXCEL.EXE
908 | EXCEL.EXE
908 | EXCEL.EXE
908 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ordine n.223737-3748.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:908