8c45e36ecfcfb017008cce6e6ac5e5e1af0abde3fef9302f6d975db92316d9c5

Analysis

max time kernel
132s
max time network
134s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
04/11/2022, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c45e36ecfcfb017008cce6e6ac5e5e1af0abde3fef9302f6d975db92316d9c5.xls
Size

217KB
MD5

2f8e4300dd8a564f800a97625905067f
SHA1

f36742ca5d39c5934b86f1934441c6f81ca1ca53
SHA256

8c45e36ecfcfb017008cce6e6ac5e5e1af0abde3fef9302f6d975db92316d9c5
SHA512

6d929cd6e054b9668c3a4e89ccba48cf766e4666904da6071f2dfa13d78880281a0f6b91bcfc5ad4c74510415f2b1e53e7243aad7b0c619d41c25bf7f73830fd
SSDEEP

6144:zKpb8rGYrMPe3q7Q0XV5xtuEsi8/dglyY+TAQXTHGUMEyP5p6f5jQm8:JbGUMVWlb8

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2368	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\8c45e36ecfcfb017008cce6e6ac5e5e1af0abde3fef9302f6d975db92316d9c5.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-120-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-121-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-122-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-123-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-132-0x00007FF9CA240000-0x00007FF9CA250000-memory.dmp

Filesize
64KB

Download
memory/2368-133-0x00007FF9CA240000-0x00007FF9CA250000-memory.dmp

Filesize
64KB

Download
memory/2368-290-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-291-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-292-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download
memory/2368-293-0x00007FF9CDB20000-0x00007FF9CDB30000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads