Analysis
- max time kernel: 272s
- max time network: 281s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-02-2024 09:24
Behavioral task: behavioral1
- Sample: 9785e072ecc643a10511ccf47e721bf8.tnef
- Resource: win10v2004-20240226-en
Behavioral task: behavioral2
- Sample: Levi Strauss (India) Pvt. Ltd.- RRL(Ajio) Recon upto Sep23.xlsb
- Resource: win10v2004-20240226-en
General
- Target: Levi Strauss (India) Pvt. Ltd.- RRL(Ajio) Recon upto Sep23.xlsb
- Size: 279KB
- MD5: f193c353ec904d40a59edc6e2b5c5094
- SHA1: 0fac339b245d378e676b01b174e0a2052f019171
- SHA256: b49f5d625c18650f09e3ea6bc849fbbadf49a5e82868597b46b999509d759b18
- SHA512: 4e30b48e3bec15e0ba12e1f3852a2638ca41ce7745fbf8faf0d8b36301610f52a9658fd3f7126ea486a10957ae4fbd4dda1f63ada3dd071f990d124ffa350bf1
- SSDEEP: 6144:ysJ/ns7lTxTfQDYLzKSgogUn+mphwfffNFQGrC0y0VcWcLaljZs:xJ/ul9TfQc+SgogUnRhwffNN/WWcLaQ
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: EXCEL.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: EXCEL.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: EXCEL.EXE
  pid | process
  556 | EXCEL.EXE
- Suspicious use of FindShellTrayWindow (2 IoCs)
  Processes: EXCEL.EXE
  pid | process
  556 | EXCEL.EXE
  556 | EXCEL.EXE
- Suspicious use of SetWindowsHookEx (20 IoCs)
  Processes: EXCEL.EXE
  pid | process
  556 | EXCEL.EXE (same row for all 20 IoCs)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Levi Strauss (India) Pvt. Ltd.- RRL(Ajio) Recon upto Sep23.xlsb"
PID: 556
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx