Analysis
max time kernel: 147s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-01-2023 17:32
Behavioral task: behavioral1
Sample: 8a879bcf7697e044dd5b63718ad0076e.xls
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 8a879bcf7697e044dd5b63718ad0076e.xls
Resource: win10v2004-20220901-en
General
Target: 8a879bcf7697e044dd5b63718ad0076e.xls
Size: 770KB
MD5: 8a879bcf7697e044dd5b63718ad0076e
SHA1: 77dd969ab348596ffa11ba08b180f9bee244e8f2
SHA256: 29a44941250420ead587b2a96eb807cf87a0ec3ad728666404d23a7b6ec2a1d1
SHA512: 047b3a37b3deaae818c9e2a98bafd6d91f2c066b7a9f251c3871447e3aa1259af816a1f423eaf52faa740b8a8f2fb6346822e0493a0fdb4c31804af4a23a1451
SSDEEP: 6144:QMDAUGfS7j40srblivj9Lz5y7pl2jviOZhXHddEcsfjmkKxHzPOb6tO5LB2UmMuM:iO7Nq/6ru6t4aixqh8lnVi297h
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: EXCEL.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: EXCEL.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
Processes: EXCEL.EXE
pid | process
1316 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (14 IoCs)
Processes: EXCEL.EXE
pid | process
1316 | EXCEL.EXE (listed 14 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\8a879bcf7697e044dd5b63718ad0076e.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1316-132-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp (Filesize: 64KB)
memory/1316-133-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp (Filesize: 64KB)
memory/1316-134-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp (Filesize: 64KB)
memory/1316-135-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp (Filesize: 64KB)
memory/1316-136-0x00007FF8D78D0000-0x00007FF8D78E0000-memory.dmp (Filesize: 64KB)
memory/1316-137-0x00007FF8D50A0000-0x00007FF8D50B0000-memory.dmp (Filesize: 64KB)
memory/1316-138-0x00007FF8D50A0000-0x00007FF8D50B0000-memory.dmp (Filesize: 64KB)