f1337be32ef59e14dee706d55b05c1fd57601a5727402f64b50b116f66b90ea3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1337be32ef59e14dee706d55b05c1fd57601a5727402f64b50b116f66b90ea3.xls
Size

1.1MB
MD5

1daf4b9978fa7a9853f5e1942077fefa
SHA1

19b284f7a3f42bc2458c598564d009ee5d0fa3c5
SHA256

f1337be32ef59e14dee706d55b05c1fd57601a5727402f64b50b116f66b90ea3
SHA512

812a78255872b85f18e3a975670201cccd313913fc08ea2238cd63548ffbf3748a3e64e734e04780d46ab7b856dae4b69f4ed0ad98be27f402c526c728d31348
SSDEEP

24576:u7xr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXmm2r5XXXXXXXXXXXXUXXXXXXXSXXXp:XMjJ3Y

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
764	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE
764	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\f1337be32ef59e14dee706d55b05c1fd57601a5727402f64b50b116f66b90ea3.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/764-132-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-133-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-134-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-135-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-136-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-137-0x00007FFDF8030000-0x00007FFDF8040000-memory.dmp

Filesize
64KB

Download
memory/764-138-0x00007FFDF8030000-0x00007FFDF8040000-memory.dmp

Filesize
64KB

Download
memory/764-141-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-140-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-142-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download
memory/764-143-0x00007FFDFA5B0000-0x00007FFDFA5C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads