Analysis
max time kernel: 100s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2023, 12:48
Static task: static1

Behavioral task: behavioral1
Sample: January_order_2003984.xls
Resource: win7-20220812-en
22 signatures
150 seconds

Behavioral task: behavioral2
Sample: January_order_2003984.xls
Resource: win10v2004-20221111-en
4 signatures
150 seconds
General
Target: January_order_2003984.xls
Size: 90KB
MD5: 96acef79802842edf68773128a180a2b
SHA1: 359dfa82346c95afbbc0fb3a2c473bcc3114b503
SHA256: e0451a22f5f14b8ba7355eaf45912270b2e1a25a5cab15e113f7934de0feef6e
SHA512: feff2df50eea580a74c2c8d51760f56cc2e74e5caf1895d7ac608bc9a056cb12e1a910290bd004499bacf5ce34d021c2c309545bb7262bd4be699bbde57a8287
SSDEEP: 1536:ykfZ+RwPONXoRjDhIcp0fDlaGGx+cL26nAU+p7CkNWZ3c3M+pC3+pS12w+UpbuCV:RfZ+RwPONXoRjDhIcp0fDlaGGx+cL26J
Score: 1/10
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
4884 | EXCEL.EXE

Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
4884 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\January_order_2003984.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 4884