Analysis
- max time kernel: 179s
- max time network: 225s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-11-2022 19:22
Static task: static1
Behavioral task: behavioral1
- Sample: 3fbbdcd2002c3b1193bb008e373eebe32fb9d6abfa019b6d10e9a62726bed800.xls
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 3fbbdcd2002c3b1193bb008e373eebe32fb9d6abfa019b6d10e9a62726bed800.xls
- Resource: win10v2004-20221111-en
General
- Target: 3fbbdcd2002c3b1193bb008e373eebe32fb9d6abfa019b6d10e9a62726bed800.xls
- Size: 30KB
- MD5: 014d5922485f1764f7ec3807e394e458
- SHA1: a890b6f8d2ee125252ce2935d69d9f89098d6684
- SHA256: 3fbbdcd2002c3b1193bb008e373eebe32fb9d6abfa019b6d10e9a62726bed800
- SHA512: e8ee8933292d4392515b51b7241ca6605d3f037503b524a290fa139451055e45940aca7964ce797828a504ea510de3558a8731d54af6cf11a7230f02f7399396
- SSDEEP: 768:0ttttB9oJR2OqYOJkzP7X6U5yWyVhIDxAe+j1:0ttttB9oZ5yWyVCVM
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes (description | ioc | process):
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description | ioc | process):
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoC)
  Processes (pid | process):
  2376 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (14 IoCs)
  Processes (pid | process):
  2376 | EXCEL.EXE (14 entries, all from the same process)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3fbbdcd2002c3b1193bb008e373eebe32fb9d6abfa019b6d10e9a62726bed800.xls"
  PID: 2376
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads (memory dump | filesize)
- memory/2376-132-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-133-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-134-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-135-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-136-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-137-0x00007FF9A32E0000-0x00007FF9A32F0000-memory.dmp | 64KB
- memory/2376-138-0x00007FF9A32E0000-0x00007FF9A32F0000-memory.dmp | 64KB
- memory/2376-155-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-157-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-156-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB
- memory/2376-158-0x00007FF9A5870000-0x00007FF9A5880000-memory.dmp | 64KB