Overview

overview

10

Static

static

8

951b18aa4f...33.xls

windows7-x64

10

951b18aa4f...33.xls

windows10-2004-x64

1

Analysis

  • max time kernel
    107s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2023 19:21

Sharing

Copy URL
Twitter E-mail

General

  • Target

    951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls

  • Size

    36KB

  • MD5

    5887df2e3efe39958c4d9645c8c0a840

  • SHA1

    9fb4b74d4ff248a178b9451c61191e0d6f8c9159

  • SHA256

    951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33

  • SHA512

    0c0c0fbbc3fa6f63014216f918000425e184db9979a6474217848fc233eaed0996c767bc4ecf5a5ce2e6f6b812334cf6cd4adef6662990442350fbf5a4ae1a56

  • SSDEEP

    768:PPqNk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJC/0zkorHDHeeTRiG+gh:nok3hbdlylKsgqopeJBWhZFGkE+cL2NU

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\951b18aa4f12e235e11d4620e8153a4b6e3faccdf217b7723eaebbef2b6c8b33.xls"
    Checks processor information in registry
    Enumerates system info in registry
    Suspicious behavior: AddClipboardFormatListener
    Suspicious use of SetWindowsHookEx
    PID:4728

Network

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Replay Monitor

00:00 00:00

Downloads

  • memory/4728-133-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-134-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-135-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-136-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-137-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-138-0x00007FFA43E70000-0x00007FFA43E80000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-139-0x00007FFA43E70000-0x00007FFA43E80000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-143-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-142-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-141-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4728-144-0x00007FFA46370000-0x00007FFA46380000-memory.dmp
    Filesize

    64KB

    Download