Analysis
- max time kernel: 101s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11-01-2023 19:03
Behavioral task: behavioral1
- Sample: d1f609c4e1e98b807b8103928099e545.xls
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d1f609c4e1e98b807b8103928099e545.xls
- Resource: win10v2004-20221111-en
General
- Target: d1f609c4e1e98b807b8103928099e545.xls
- Size: 1.6MB
- MD5: d1f609c4e1e98b807b8103928099e545
- SHA1: f84f82ca6425fe42b68ca44fdc2a674d0b90d04e
- SHA256: 51a850346130b5d7389c4a8e9e4adbc8b538580e832e33409ebc7fe04ba6e1e3
- SHA512: a75a556651948fdd628d9e20d09d08544058a9367523008d31f3578976eebf78694596f01097b4661f46ab431d6e1b95ba3c34853043390a7e7bba1189d76cd9
- SSDEEP: 12288:6fbfPMHGhvjqVS+4jGQbNsS0Z7xCYK37zcxzuBDo2LohapAs4grcbRKfikmaGK+W:6fDPxsS0fCYU7zcxzutrp/4zR3mmYR
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: EXCEL.EXE
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: EXCEL.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: EXCEL.EXE
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: EXCEL.EXE)
Suspicious behavior: AddClipboardFormatListener (1 IoC)
Processes: EXCEL.EXE
- pid 2596, process EXCEL.EXE
Suspicious use of SetWindowsHookEx (14 IoCs)
Processes: EXCEL.EXE
- pid 2596, process EXCEL.EXE (14 entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\d1f609c4e1e98b807b8103928099e545.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads