Analysis
- max time kernel: 148s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-11-2022 07:29
Static task: static1
Behavioral task: behavioral1
- Sample: b38a987e024147cd93a9839d2fe73150bbb1c6295fcc5bde3062277ef2224d49.xlsx
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: b38a987e024147cd93a9839d2fe73150bbb1c6295fcc5bde3062277ef2224d49.xlsx
- Resource: win10v2004-20221111-en
General
- Target: b38a987e024147cd93a9839d2fe73150bbb1c6295fcc5bde3062277ef2224d49.xlsx
- Size: 8KB
- MD5: ffaf17204b9a2199fb122f4a07bfd098
- SHA1: c50d3751df0040a4aa01166fec98f3419ed935e8
- SHA256: b38a987e024147cd93a9839d2fe73150bbb1c6295fcc5bde3062277ef2224d49
- SHA512: 67fc5e10af06a9dede6cf4a0e90bf29effb2d18380e2e616a6339b6f178459e9de2c20a257e4b498c3e962d5b3036b806c0ba52e9e80b2bea5eceabe2708942e
- SSDEEP: 192:fA9uQ59vcbUcFEBP6pIMEprcXnMWBlITMAqM5Nw/Q:k5lcbUvBP+ENc5Z+nwI
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: EXCEL.EXE
description, ioc, process:
Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString, EXCEL.EXE
Key opened, \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0, EXCEL.EXE
Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz, EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: EXCEL.EXE
description, ioc, process:
Key opened, \REGISTRY\MACHINE\Hardware\Description\System\BIOS, EXCEL.EXE
Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily, EXCEL.EXE
Key value queried, \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU, EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
Processes: EXCEL.EXE
pid, process:
4108, EXCEL.EXE
- Suspicious use of SetWindowsHookEx (15 IoCs)
Processes: EXCEL.EXE
pid, process:
4108, EXCEL.EXE (listed 15 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\b38a987e024147cd93a9839d2fe73150bbb1c6295fcc5bde3062277ef2224d49.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4108