Analysis
- max time kernel: 101s
- max time network: 125s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21/06/2022, 09:08
Static task: static1
Behavioral task: behavioral1
- Sample: Purchase Order Sheet.xlsx
- Resource: win7-20220414-en
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Purchase Order Sheet.xlsx
- Resource: win10v2004-20220414-en
- 0 signatures
- 0 seconds
General
- Target: Purchase Order Sheet.xlsx
- Size: 168KB
- MD5: 939b429a57287162bc41f316f44eb30f
- SHA1: d847f7c19c0f05eaa78c01c7f3ce870542f126ec
- SHA256: db8c0ba2cb25a5ed15cdc6c5e58cffcdc276acea0036813db8824aad1ae5ca22
- SHA512: 41a0025cec34032ab697f64774674fe50004d92268cbd75f0fdd237141d56bca0281c2485905b26ddcbe223afafef35f99bf7e083fe308f31545880dcdf6375e
Score
1/10
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.

  | description | ioc | Process |
  | --- | --- | --- |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |

- Enumerates system info in registry (2 TTPs, 3 IoCs)

  | description | ioc | Process |
  | --- | --- | --- |
  | Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
  | Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |

- Suspicious behavior: AddClipboardFormatListener (1 IoCs)

  | pid | Process |
  | --- | --- |
  | 4836 | EXCEL.EXE |

- Suspicious use of SetWindowsHookEx (12 IoCs)

  | pid | Process |
  | --- | --- |
  | 4836 | EXCEL.EXE |

  The same pid and process pair is listed 12 times.
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Purchase Order Sheet.xlsx"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:4836