Analysis
-
max time kernel
102s -
max time network
136s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64 arch:x86 image:win10-20220812-en locale:en-us os:windows10-1703-x64 system -
submitted
10/11/2022, 10:24
Behavioral task
behavioral1
Sample
dc0204e78f391ec0c679665cc3ac8c978b246143f2065dab33d7cf2bb9b223ed.xls
Resource
win10-20220812-en
Behavioral task
behavioral2
Sample
dc0204e78f391ec0c679665cc3ac8c978b246143f2065dab33d7cf2bb9b223ed.xls
Resource
win10-20220812-en
General
-
Target
dc0204e78f391ec0c679665cc3ac8c978b246143f2065dab33d7cf2bb9b223ed.xls
-
Size
91KB
-
MD5
83440bdbb4f41cfdc91803b725dccf82
-
SHA1
dcc149bcff93e425b6553706e4301d361c369d69
-
SHA256
dc0204e78f391ec0c679665cc3ac8c978b246143f2065dab33d7cf2bb9b223ed
-
SHA512
e94dc52b2df9d1cfee90ad4b0e7de66fe198dc24747188f9d5991707637e7817ba28d9337d5be2dca6e061bd5f9369613d8ca4faf1b4daf0e3d740ffeeb3789a
-
SSDEEP
1536:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgqbCXuZH4gb4CEn9J4Z3z3:eKpb8rGYrMPe3q7Q0XV5xtezEsi8/dgG
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
2208 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid | Process
2208 | EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\dc0204e78f391ec0c679665cc3ac8c978b246143f2065dab33d7cf2bb9b223ed.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2208