Analysis
max time kernel: 148s
max time network: 156s
platform: windows10-1703_x64
resource: win10-20220812-en
resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
submitted: 09/11/2022, 19:20
Behavioral task: behavioral1
Sample: 6b641b11c0c4a907a2ccecac23abd74151d5f80c2e5d49ad8f3e97175f9cf3db.xls
Resource: win10-20220812-en
Behavioral task: behavioral2
Sample: 6b641b11c0c4a907a2ccecac23abd74151d5f80c2e5d49ad8f3e97175f9cf3db.xls
Resource: win10-20220812-en
General
Target: 6b641b11c0c4a907a2ccecac23abd74151d5f80c2e5d49ad8f3e97175f9cf3db.xls
Size: 91KB
MD5: f5baa5d1088566ceb166e823c21ecd09
SHA1: 16a5bd1ec9c6b05011d453825869fb06379941b7
SHA256: 6b641b11c0c4a907a2ccecac23abd74151d5f80c2e5d49ad8f3e97175f9cf3db
SHA512: 94acbc55580e4d753390cd2b96715b947b5e75d62baba0e792eeae1c120fd6bf15b9fa8c735437164c7bf3113c0c8375204ccd4def8fbcd2a36e62548d377908
SSDEEP: 1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Z6cvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgS
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
2608 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
2608 | EXCEL.EXE (listed 12 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\6b641b11c0c4a907a2ccecac23abd74151d5f80c2e5d49ad8f3e97175f9cf3db.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 2608