951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33

Analysis

max time kernel
107s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 19:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls
Size

36KB
MD5

5887df2e3efe39958c4d9645c8c0a840
SHA1

9fb4b74d4ff248a178b9451c61191e0d6f8c9159
SHA256

951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33
SHA512

0c0c0fbbc3fa6f63014216f918000425e184db9979a6474217848fc233eaed0996c767bc4ecf5a5ce2e6f6b812334cf6cd4adef6662990442350fbf5a4ae1a56
SSDEEP

768:PPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJC/0zkorHDHeeTRiG+gh:nok3hbdlylKsgqopeJBWhZFGkE+cL2NU

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

4728 EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4728

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4728-133-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-134-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-135-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-136-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-137-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-138-0x00007FFA43E70000-0x00007FFA43E80000-memory.dmp

Filesize
64KB

Download
memory/4728-139-0x00007FFA43E70000-0x00007FFA43E80000-memory.dmp

Filesize
64KB

Download
memory/4728-143-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-142-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-141-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download
memory/4728-144-0x00007FFA46370000-0x00007FFA46380000-memory.dmp

Filesize
64KB

Download