643cd89bd5b4ddeb50e76aa43d1224e17977fe5fd0c79fbbab49dd7499301046

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 10:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Карточка инвентаризации 180923.xlsx
Size

22KB
MD5

226b9471c1514d2a2a41eb5e52d96fd2
SHA1

b20fc8efe59af3f0f7b07d3109dcb718885e286f
SHA256

9d6f54e1b48ef4d6afcd99adcf17edf13cff73c3cf9ed5245221f7475609bb16
SHA512

23bd23cb8d9bc19993aeec45d5d0413cf010cd77241f60d2df302e0b0502445c01d72c1ffa7c8f89189b102f48b23148d89024d1fbee27d87e7b92b1e017e17f
SSDEEP

384:Sa98vCAvqHPic5JOFsEMX23mH2RrgctxVG/V9gN51aoYwIij1+bPZne6ywuW1ZD6:x98vkK0ws5X22HSg7Lgn1aeIW16Zne6k

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1500	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE
1500	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Карточка инвентаризации 180923.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1500-0-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-1-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-2-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-4-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-6-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-5-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-7-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-3-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-8-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-9-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-10-0x00007FFA50040000-0x00007FFA50050000-memory.dmp

Filesize
64KB

Download
memory/1500-11-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-12-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-13-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-15-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-16-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-17-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-18-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-19-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-20-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-21-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-14-0x00007FFA50040000-0x00007FFA50050000-memory.dmp

Filesize
64KB

Download
memory/1500-26-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-46-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-47-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-48-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-50-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-49-0x00007FFA524F0000-0x00007FFA52500000-memory.dmp

Filesize
64KB

Download
memory/1500-51-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download
memory/1500-52-0x00007FFA92470000-0x00007FFA92665000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads