Analysis
- max time kernel: 146s
- max time network: 148s
- platform: windows10-1703_x64
- resource: win10-20220812-en
- resource tags: arch:x64, arch:x86, image:win10-20220812-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 09/11/2022, 19:17
Behavioral task: behavioral1
- Sample: 22db011b48af2ab3ea49fe8e3f2afe83cc1239edf66afc89bcd7760c7c977d4e.xls
- Resource: win10-20220812-en
Behavioral task: behavioral2
- Sample: 22db011b48af2ab3ea49fe8e3f2afe83cc1239edf66afc89bcd7760c7c977d4e.xls
- Resource: win10-20220901-en
General
- Target: 22db011b48af2ab3ea49fe8e3f2afe83cc1239edf66afc89bcd7760c7c977d4e.xls
- Size: 91KB
- MD5: 47d2dc7d0429faf9fe2b54ca6d0bf164
- SHA1: 2833365cc25811dbcf042dfb5c81930913f9259d
- SHA256: 22db011b48af2ab3ea49fe8e3f2afe83cc1239edf66afc89bcd7760c7c977d4e
- SHA512: dbeb6f54b5e7558c260d8544a87fee7c6f9a4246c2de7535beca6e00a4bba54212bd436532a97c2fa4ab7cb5d71c87868e880fe791834164e57e0a83f259a81e
- SSDEEP: 1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Zqcvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgi
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid | Process
  1500 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  1500 | EXCEL.EXE (12 identical entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\22db011b48af2ab3ea49fe8e3f2afe83cc1239edf66afc89bcd7760c7c977d4e.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 1500