Analysis
-
max time kernel
196s -
max time network
218s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system -
submitted
30-03-2023 23:33
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.BackdoorBazarSpam.GenericKD.37165815.18046.29024.xls
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.BackdoorBazarSpam.GenericKD.37165815.18046.29024.xls
Resource
win10v2004-20230220-en
General
-
Target
SecuriteInfo.com.Trojan.BackdoorBazarSpam.GenericKD.37165815.18046.29024.xls
-
Size
120KB
-
MD5
0bb6ef7f4d8a29f57332c41e70f557b4
-
SHA1
1fadf8c516daa6a0e551cde40c6ba309810bf17e
-
SHA256
547e34240e1fed85db1fb3a7e2a528290eb7ec5c64257b10fe6e2fc0654e3bc2
-
SHA512
c07e5ebd4629817f9e5d1fc9c763da1fd21bd7dcdcf6074957500577b7d476275d856630326460c3c4dd100d27c8792c9b6a3c519acca5d5e5d26cd76ad880e4
-
SSDEEP
3072:trk3hbdlylKsgqopeJBWhZFGkE+cL2NdA1saIJxrJukgjFN024hYuF5SAxW:Vk3hbdlylKsgqopeJBWhZFVE+W2NdA13
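Before relying on any of the findings below, confirm that the file you have is the one this report describes. The following is an added example by the editor, not code from the report or the sandbox vendor: it parses the General block above (copied verbatim as a constructed string) and compares a local copy of the sample against every hash listed. The `verify_file` helper and its path argument are assumptions; SSDEEP is parsed but not recomputed because fuzzy hashing needs a library outside the Python standard library.

```python
import hashlib

# The "General" block of this report, pasted verbatim (constructed input for the
# example; the sample name, size and digests are the page's own values).
REPORT_GENERAL = """
Target
SecuriteInfo.com.Trojan.BackdoorBazarSpam.GenericKD.37165815.18046.29024.xls
-
Size
120KB
-
MD5
0bb6ef7f4d8a29f57332c41e70f557b4
-
SHA1
1fadf8c516daa6a0e551cde40c6ba309810bf17e
-
SHA256
547e34240e1fed85db1fb3a7e2a528290eb7ec5c64257b10fe6e2fc0654e3bc2
-
SHA512
c07e5ebd4629817f9e5d1fc9c763da1fd21bd7dcdcf6074957500577b7d476275d856630326460c3c4dd100d27c8792c9b6a3c519acca5d5e5d26cd76ad880e4
-
SSDEEP
3072:trk3hbdlylKsgqopeJBWhZFGkE+cL2NdA1saIJxrJukgjFN024hYuF5SAxW:Vk3hbdlylKsgqopeJBWhZFVE+W2NdA13
"""

# Report label -> hashlib algorithm name. SSDEEP is deliberately absent (not in hashlib).
HASH_ALGOS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_general(text: str) -> dict:
    """Turn the block into {label: value}. Labels and values alternate one per
    line; the '-' separator lines between entries are skipped."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    return {lines[i]: lines[i + 1] for i in range(0, len(lines) - 1, 2)}


def compute_hashes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by the report's label."""
    return {label: hashlib.new(algo, data).hexdigest() for label, algo in HASH_ALGOS.items()}


def verify(data: bytes, expected: dict) -> dict:
    """Compare the file's digests with the report's; returns {label: bool}.
    Every listed algorithm is checked, so a single mismatch (or a truncated
    or wrongly pasted digest) is visible rather than masked by one match."""
    actual = compute_hashes(data)
    return {label: actual[label] == expected[label].strip().lower()
            for label in HASH_ALGOS if label in expected}


def verify_file(path: str, expected: dict) -> dict:
    """Assumed helper: read a local copy of the sample and verify it."""
    with open(path, "rb") as fh:
        return verify(fh.read(), expected)


if __name__ == "__main__":
    expected = parse_general(REPORT_GENERAL)
    # Path is an assumption; substitute the location of your own copy.
    for label, ok in verify_file(expected["Target"], expected).items():
        print(f"{label:7s} {'match' if ok else 'MISMATCH'}")
```

A verdict of "MISMATCH" on every algorithm means you are looking at a different file (a re-saved or re-zipped copy changes all digests); a mismatch on only one algorithm means a digest was mis-copied somewhere, not that the file differs.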
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments (the CPU name string and clock speed exposed under this key differ between physical hosts and virtual machines). Note that in this run the reads are attributed to the EXCEL.EXE host process itself (pid 2388) rather than to a spawned child, and the Network and Processes sections below show no child process or outbound traffic, so these signatures on their own do not demonstrate that the document's payload executed.
Processes:
Process: EXCEL.EXE
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
Process: EXCEL.EXE
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
Process: EXCEL.EXE (pid 2388), 1 call
-
Suspicious use of FindShellTrayWindow 2 IoCs
Processes:
Process: EXCEL.EXE (pid 2388), 2 calls
-
Suspicious use of SetWindowsHookEx 18 IoCs
Processes:
Process: EXCEL.EXE (pid 2388), 18 calls
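The two registry signatures above ("Checks processor information in registry" and "Enumerates system info in registry") are the kind of IoC a detection engineer wants to match over raw registry-access telemetry rather than read off a report by hand. The following is an added example by the editor, not the sandbox's own signature logic: it parses access records in the same "process, operation, native path" form the report uses, normalises the native \REGISTRY\MACHINE prefix to HKLM, and flags reads of the CPU and BIOS identity keys. The sample log is constructed from this report's six IoCs plus two benign lines for contrast; the third key in the table (the disk enumeration key) and the value-name lists are the editor's additions based on commonly abused VM-detection locations, not something this report observed.

```python
import re
from collections import defaultdict

# Registry keys whose contents reveal a VM or sandbox. The first two are the keys
# named in this report's signatures; the disk Enum key is the editor's addition
# (a well-known neighbour that exposes virtual-disk vendor strings).
FINGERPRINT_KEYS = {
    "hklm\\hardware\\description\\system\\centralprocessor\\0": "cpu",
    "hklm\\hardware\\description\\system\\bios": "bios",
    "hklm\\system\\currentcontrolset\\services\\disk\\enum": "disk",
}

# Value names under those keys that get compared against VM vendor strings
# (editor's list; the report only shows ~MHz, ProcessorNameString, SystemFamily, SystemSKU).
FINGERPRINT_VALUES = {
    "cpu": {"~mhz", "processornamestring", "identifier", "vendoridentifier"},
    "bios": {"systemfamily", "systemsku", "systemmanufacturer", "systemproductname", "biosvendor"},
    "disk": {"0", "1", "count"},
}

# One record per line: "<process> Key opened <path>" or "<process> Key value queried <path>"
LINE_RE = re.compile(r"^(?P<proc>\S+)\s+(?P<op>Key opened|Key value queried)\s+(?P<path>\\REGISTRY\\.+)$")

# Constructed input: the six IoCs from the report plus two benign reads by another process.
SAMPLE_LOG = r"""
EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0
EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS
EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily
EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU
notepad.exe Key opened \REGISTRY\USER\S-1-5-21-1\Software\Microsoft\Notepad
notepad.exe Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName
""".strip().splitlines()


def normalise(path: str) -> str:
    """Map the native-object form (\\REGISTRY\\MACHINE\\...) to lower-case hklm\\...;
    registry paths are case-insensitive, which is why the report mixes Hardware/HARDWARE."""
    p = path.strip().lower()
    for prefix, hive in (("\\registry\\machine\\", "hklm\\"), ("\\registry\\user\\", "hku\\")):
        if p.startswith(prefix):
            return hive + p[len(prefix):]
    return p


def classify(op: str, path: str):
    """Return (category, value_name) when the access touches a fingerprint key, else None.
    A key open matches the key itself; a value query matches parent key + value name."""
    p = normalise(path)
    if op == "Key opened":
        cat = FINGERPRINT_KEYS.get(p)
        return (cat, None) if cat else None
    key, _, value = p.rpartition("\\")
    cat = FINGERPRINT_KEYS.get(key)
    if cat and value in FINGERPRINT_VALUES[cat]:
        return (cat, value)
    return None


def analyse(lines):
    """Group fingerprint reads per process: {proc: {category: [value or '<key>']}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        res = classify(m["op"], m["path"])
        if res:
            cat, value = res
            hits[m["proc"]][cat].append(value or "<key>")
    return {proc: dict(cats) for proc, cats in hits.items()}


def verdict(proc_hits: dict) -> str:
    """Combine sources: CPU and BIOS identity read together is the stronger signal."""
    cats = set(proc_hits)
    if {"cpu", "bios"} <= cats:
        return "likely sandbox fingerprinting (CPU + BIOS identity read together)"
    if cats:
        return "single fingerprint source; weak signal on its own"
    return "no fingerprinting observed"


if __name__ == "__main__":
    for proc, cats in analyse(SAMPLE_LOG).items():
        print(proc, {c: len(v) for c, v in cats.items()}, "->", verdict(cats))
```

When running this over real endpoint telemetry rather than a sandbox report, expect legitimate software (Office itself, installers, telemetry agents) to read these keys too; the verdict is a triage hint to be weighed with the rest of the run, which here shows no child process and no network activity.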
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (pid 2388)
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.BackdoorBazarSpam.GenericKD.37165815.18046.29024.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/2388-133-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp (Filesize 64KB)
- memory/2388-135-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp (Filesize 64KB)
- memory/2388-134-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp (Filesize 64KB)
- memory/2388-136-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp (Filesize 64KB)
- memory/2388-137-0x00007FFB17C30000-0x00007FFB17C40000-memory.dmp (Filesize 64KB)
- memory/2388-138-0x00007FFB158C0000-0x00007FFB158D0000-memory.dmp (Filesize 64KB)
- memory/2388-139-0x00007FFB158C0000-0x00007FFB158D0000-memory.dmp (Filesize 64KB)