7712b3d4b61189ccbafdbcc285b7a761d517bb68295626e30c33c24c38fb95cd

Analysis

max time kernel
150s
max time network
135s
platform
windows10-1703_x64
resource
win10-20231025-en
resource tags

arch:x64arch:x86image:win10-20231025-enlocale:en-usos:windows10-1703-x64system
submitted
07-12-2023 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Package.xls
Size

391KB
MD5

3e33c8cf5b3ce2fa86f1b0ab22d2d3c2
SHA1

de4c28fc5c4eab8c71b09830ff295b901be6a844
SHA256

7712b3d4b61189ccbafdbcc285b7a761d517bb68295626e30c33c24c38fb95cd
SHA512

0ef6016a7e6d0a45d9358ee21ddacea1b0aa393f276dadc32f3218c89f41fbea9ac765b5127c60cc8c069eb26ee52ffb740d0a7eb2af6ccf20a68e7740852354
SSDEEP

6144:ln1m9kdbQS6vsB3qfLWnNnBkbE9UX3yhnpC3quvmb6SrnV3LYpMMAI:lOeuvsB351Bkr3yh9b9hr

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4388	EXCEL.EXE
1468	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeAuditPrivilege	1468	WINWORD.EXE

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
4388	EXCEL.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE
1468	WINWORD.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Package.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4388

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
f4753a8b6608192bc45622d050f66ac7

SHA1
77dd778225700e5f8af168f320a8398a1ac2f3f1

SHA256
d55f92fe3e4fb2adff9eba7cc9a86f835069648a5b08452e4b772241631fd318

SHA512
8248ca77161b3cde32e203dd2927f31929b20bb998a52856c359c964472cf1e6728a7e26e634fbefe1a3762f1e295b44d4fa5bd5384e3d67557ebc323062e70d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
16941de7c87f0c54e825020f1638ff67

SHA1
c5e0f7fd2d022ed9d29ba33081785f013c59b468

SHA256
48004bef4bc930d76d34cac2d5ecedaed9aa52e650d6aa54026c56555966404c

SHA512
232931d43dba9a17f5d8e3b6fae996373b1397511f09574c751b7839f2476126a0870de9e3288c1ecdebbd1c437247ff94ea1e2514770d753afe1a573dd29b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\5B3FA99C-F1F7-4472-BAC9-DFD0CD868076

Filesize
158KB

MD5
25b0689507f47e257cb3f9d7bf9b7e14

SHA1
0519d99fe4464221aac4d824c6776ea0239b31cf

SHA256
ff666e10befa5313babeec82fcd679ae572949ec85b2ca3d587e269217be9c3a

SHA512
c483f715fbcfe78d2bafc094f81af99c9e3809bab8f43f5ef8bca513fec5bf1603ec327f3524c4b5a39a5f913ade30810df1b333c41c6c73911c6037da90bba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\74a0ad00a184813f0b8867eb2f8dfef7227a18a4.tbres

Filesize
2KB

MD5
32a7ee762b9af6a6d677f873ea628c8d

SHA1
906d45e00898fd96ad38e00956f8c3f0b4ee8dc5

SHA256
c0cd7540bda37d64232e3f478fc144eae5dfb52e9e7688432d05ec7b14feb035

SHA512
48236c0a27d147b403579cba220bd6da85f9c9b0ad5bd7ec6b0310d8511a7c121e2addea033ac95de6f1a021a7d8bd2420968fee6e469821e0b653147e2bf9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TH18OIKZ\microsofttoldemetheywanttodeletehistorycatchcookiefrommypc[1].doc

Filesize
48KB

MD5
08568b90661f80313579e0c16c2737f0

SHA1
859aa8a945a3585bf777ef29bbfeaeba8bc22526

SHA256
0bad6a3f47fd9b9063f5c71609e68bd2de6f9d6e4cf1a183351ee8f2f7ebf32b

SHA512
f46cf40ef8199cfe58ebd0bc63a09aa70c4c6d6bda1a55bd0d3ef63e26ea3580c63d963d8d4c9af28981ce369edd62a88779dad1bd0f4192115e6f534cb625d8

Download Submit
memory/1468-197-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-195-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-256-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-255-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-179-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-204-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-202-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-201-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-199-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-198-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-181-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-192-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-189-0x00007FFDDCE60000-0x00007FFDDCF0E000-memory.dmp

Filesize
696KB

Download
memory/1468-188-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-175-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-186-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-185-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-169-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-171-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-172-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-173-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-174-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-183-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/1468-182-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-1-0x00007FFD9F470000-0x00007FFD9F480000-memory.dmp

Filesize
64KB

Download
memory/4388-16-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-21-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-23-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-22-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-20-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-19-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-18-0x00007FFD9C920000-0x00007FFD9C930000-memory.dmp

Filesize
64KB

Download
memory/4388-17-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-0-0x00007FFD9F470000-0x00007FFD9F480000-memory.dmp

Filesize
64KB

Download
memory/4388-5-0x00007FFD9F470000-0x00007FFD9F480000-memory.dmp

Filesize
64KB

Download
memory/4388-6-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-15-0x00007FFDDCE60000-0x00007FFDDCF0E000-memory.dmp

Filesize
696KB

Download
memory/4388-4-0x00007FFD9F470000-0x00007FFD9F480000-memory.dmp

Filesize
64KB

Download
memory/4388-14-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-13-0x00007FFD9C920000-0x00007FFD9C930000-memory.dmp

Filesize
64KB

Download
memory/4388-12-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-3-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-11-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-2-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-253-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-254-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-10-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download
memory/4388-9-0x00007FFDDF3E0000-0x00007FFDDF5BB000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads