Analysis
max time kernel: 99s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21/06/2022, 09:05
Static task
static1
Behavioral task
behavioral1
Sample
Doc202206201627.xlsx
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Doc202206201627.xlsx
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
Target: Doc202206201627.xlsx
Size: 71KB
MD5: 1d82383a97676c0119586294847d72c4
SHA1: e235ee979b771fc57a1591c3937964e8737e6522
SHA256: 4a484a5d70b16a279ea706a537405a9163c26fb4fdb73ffe894ba0f424e57277
SHA512: 0c92bdc7e80795bbf967d49238625bee28d47b43cfc8ac266e4becc6a71f6d8dd541e40e3b776ff9b22f4fdcb096c6ed18b35755af96a5a9d015eda68ff26799
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
2680 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid | Process
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
2680 | EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Doc202206201627.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2680