Analysis

  • max time kernel
    159s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    16/06/2022, 09:51

General

  • Target

    ordine n.223737-3748.xlsx

  • Size

    255KB

  • MD5

    7a1d66b7ff2e9ac7fa6b971165ff4e36

  • SHA1

    94ac522422a381a85649f705337e05aa517231ee

  • SHA256

    bb67823344c66355e808040a736b0cf9c4f1676429f6e643880a4f057ce0be00

  • SHA512

    d93defcbf8afc7a0fd7a512c043c22c0474296cfd17895f75a9215b9ba352dcee547a512372c1cdc04a5de2c7338fae83814f65c0ef2d327343ad3cad6f258a4

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ordine n.223737-3748.xlsx"
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3044

Network

        MITRE ATT&CK Enterprise v6
