Analysis
-
max time kernel
193s -
max time network
206s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
02-12-2022 05:28
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.MathType-Obfs.Gen.25508.5883.xls
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.MathType-Obfs.Gen.25508.5883.xls
Resource
win10v2004-20221111-en
General
-
Target
SecuriteInfo.com.Exploit.MathType-Obfs.Gen.25508.5883.xls
-
Size
250KB
-
MD5
ba0a934b6dd5af65ca9a82782d44e843
-
SHA1
5957a4921c66e0bfae31d096e2a86a9c73feb5b0
-
SHA256
0b97d2123754dc9e52e88001fc59c0343b37965172255bcc4b1d592c0df69309
-
SHA512
989872eecb46877b649e6a4b17c79a6a4feb27b140aad43ff4d9215c364a2f94ec40fba3b25e34b68b7334adb76805daf434ec6eb6c99ff44bc7928f87162005
-
SSDEEP
6144:yDZ+RwPONXoRjDhIcp0fDlavx+W26nARy0f/8v:y+/q
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid process 2696 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
Processes:
EXCEL.EXEpid process 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE 2696 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.MathType-Obfs.Gen.25508.5883.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2696
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2696-132-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-133-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-134-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-135-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-136-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-137-0x00007FF9D24F0000-0x00007FF9D2500000-memory.dmpFilesize
64KB
-
memory/2696-138-0x00007FF9D24F0000-0x00007FF9D2500000-memory.dmpFilesize
64KB
-
memory/2696-140-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-142-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-141-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB
-
memory/2696-143-0x00007FF9D4C70000-0x00007FF9D4C80000-memory.dmpFilesize
64KB