Analysis
- max time kernel: 117s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2022, 21:18
Behavioral task: behavioral1
- Sample: 7fc0385dbfd6dc3bc7aa291b9715759b1eaa0d112907023ff0f4139ab76e8ffb.xls
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 7fc0385dbfd6dc3bc7aa291b9715759b1eaa0d112907023ff0f4139ab76e8ffb.xls
- Resource: win10v2004-20220812-en
General
- Target: 7fc0385dbfd6dc3bc7aa291b9715759b1eaa0d112907023ff0f4139ab76e8ffb.xls
- Size: 217KB
- MD5: fb248514ed0b295694c253b87ee6ec28
- SHA1: fd81692060318518baa2317e1f5539b86193f9c3
- SHA256: 7fc0385dbfd6dc3bc7aa291b9715759b1eaa0d112907023ff0f4139ab76e8ffb
- SHA512: 262e33c5f2eda1627572e1b77b74f0a4cd9fbc3c7511c18978da3712fd8f148111e7f30dc660b830f2cd5ff0f1188e912aec7a6cce1b0456ffb5978570aee138
- SSDEEP: 6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmX:bbGUMVWlbX
Malware Config
Signatures
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
4204 | EXCEL.EXE
Suspicious use of SetWindowsHookEx 12 IoCs
pid | Process
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
4204 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\7fc0385dbfd6dc3bc7aa291b9715759b1eaa0d112907023ff0f4139ab76e8ffb.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4204