Analysis
max time kernel: 185s
max time network: 191s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2022, 21:07
Behavioral task: behavioral1
Sample: 39540.xls
Resource: win7-20220812-en
11 signatures
150 seconds
Behavioral task: behavioral2
Sample: 39540.xls
Resource: win10v2004-20220812-en
4 signatures
150 seconds
General
Target: 39540.xls
Size: 91KB
MD5: 5dfe206f421c9ba765fa0ada106a0ee5
SHA1: 1263b8e368a5b82f9435999588de2554c7524a40
SHA256: 9a200cfe2b7e12e3ba68875dbc6b10b9c618fb459ba6b21798d6eaeff9f73b75
SHA512: 7aa8ba09f7502b395f9558d46deb1218a7f283349bbd7c28eb60e8db687bf6b9f273a14185005fc7c3487c4d4ce5d110683f2898c4367edb1775549c1b539b64
SSDEEP: 1536:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dg2bCXuZH4gb4CEn9J4Z2cvp:LKpb8rGYrMPe3q7Q0XV5xtezEsi8/dge
Score: 1/10
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
4736 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
4736 | EXCEL.EXE (listed 12 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\39540.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4736