Analysis
-
max time kernel
202s -
max time network
205s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
24-11-2022 05:35
Behavioral task
behavioral1
Sample
23112022-4986177.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
23112022-4986177.xls
Resource
win10v2004-20220812-en
General
-
Target
23112022-4986177.xls
-
Size
87KB
-
MD5
92852fe34f8b47a977a3b1d133e8b103
-
SHA1
29f90b6437e5b3589964c7c7f937e9f7707f8f27
-
SHA256
014caec7177e00999c90edeed6108dd7e322a25d68603dac48a441bbe969f882
-
SHA512
177494873785127a656c4e809a3827c683a7d093a87fbd8104f3efb7c31565ffaea27d1e5e12d6a54e90d9d2184b76c8a20c82dc3b8215a381b844a64e8c8542
-
SSDEEP
1536:tSlYkEIbSkKBEqEXPgsRZmbaoFhZhR0cixIHm0vYVE1jqb4c+DoW4bzo4dobOZfY:tSlYkEIuPm3fNRZmbaoFhZhR0cixIHmI
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 4604 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 14 IoCs
Processes:
EXCEL.EXEpid process 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE 4604 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\23112022-4986177.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4604
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4604-132-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmpFilesize
64KB
-
memory/4604-133-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmpFilesize
64KB
-
memory/4604-134-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmpFilesize
64KB
-
memory/4604-135-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmpFilesize
64KB
-
memory/4604-136-0x00007FF8A9F90000-0x00007FF8A9FA0000-memory.dmpFilesize
64KB
-
memory/4604-137-0x00007FF8A76C0000-0x00007FF8A76D0000-memory.dmpFilesize
64KB
-
memory/4604-138-0x00007FF8A76C0000-0x00007FF8A76D0000-memory.dmpFilesize
64KB