Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21/06/2022, 09:09
Static task: static1
Behavioral task: behavioral1
Sample: FDA HCM.xlsx
Resource: win7-20220414-en
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: FDA HCM.xlsx
Resource: win10v2004-20220414-en
0 signatures
0 seconds
General
Target: FDA HCM.xlsx
Size: 71KB
MD5: f028af359cc6d711d1882ea4b08b059c
SHA1: cc60b2e035fd3effde81c1b2f0fc1623204a7132
SHA256: e8a557e098a05e5519447d0ad0735d7473203ba25fc83bfb67c3d03b66d7a9a2
SHA512: 9e87299ed846be2a129212bddc90421846e9193a33da553e2bc44afc2185dc70c9c4f29a3f972ebd7bd458f34a7416cd52c67b5c72ba12ea0454b40ebef62247
Score: 1/10
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
1608 | EXCEL.EXE

Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
1608 | EXCEL.EXE (listed 12 times)

Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\FDA HCM.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1608