Analysis
- max time kernel: 257s
- max time network: 223s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-it
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-it, locale:it-it, os:windows10-2004-x64, system:windows
- submitted: 23-11-2022 08:53
Behavioral task: behavioral1
- Sample: 4_IT02190978956_08_23112022_089000.xls
- Resource: win7-20221111-it
Behavioral task: behavioral2
- Sample: 4_IT02190978956_08_23112022_089000.xls
- Resource: win10v2004-20221111-it
General
- Target: 4_IT02190978956_08_23112022_089000.xls
- Size: 71KB
- MD5: 8c9288ae3f01c951a84067c38d9c5bc6
- SHA1: 265c0fdcb60d9c6bac2f525a8ed3ca2a5f5ba151
- SHA256: 97f7e8809cb74cb87f7f03e7196d60db63d07ae36d4e02f3821ef0464288af58
- SHA512: 24f2b85e45ef40ffb2599c13d37eaa5a9269c2d773a45d84e58f2dac9124092e3b4ed03a4bdcde63d4fede74b68d8c5aeec9a58c2cc0fa4373f42fe6f7ba410e
- SSDEEP: 1536:fDlYkEIbSkKBEqEXPgsRZmbaoFhZhR0cixIHm0ad50+99rHk+wTWOWhMBG5/mu:fDlYkEIuPm3fNRZmbaoFhZhR0cixIHml
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes (description | ioc | process):
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description | ioc | process):
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
Processes (pid | process):
380 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (14 IoCs)
Processes (pid | process):
380 | EXCEL.EXE (all 14 IoCs attributed to this one process)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4_IT02190978956_08_23112022_089000.xls"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads (memory dumps; file | size)
memory/380-132-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-133-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-134-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-135-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-136-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-137-0x00007FFDD79A0000-0x00007FFDD79B0000-memory.dmp | 64KB
memory/380-138-0x00007FFDD79A0000-0x00007FFDD79B0000-memory.dmp | 64KB
memory/380-139-0x00000227F2A91000-0x00000227F2A93000-memory.dmp | 8KB
memory/380-141-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-142-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-143-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB
memory/380-144-0x00007FFDD9B90000-0x00007FFDD9BA0000-memory.dmp | 64KB