Analysis
max time kernel: 148s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-03-2024 09:42
Static task: static1

Behavioral task: behavioral1
Sample: 61bfcfe14915e7109a4544e385779dd585a222d9e7d41133148eef25019e10da.xlsx
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 61bfcfe14915e7109a4544e385779dd585a222d9e7d41133148eef25019e10da.xlsx
Resource: win10v2004-20240226-en
General
Target: 61bfcfe14915e7109a4544e385779dd585a222d9e7d41133148eef25019e10da.xlsx
Size: 29KB
MD5: 08e825bb3db1e635f7590fff0f05d928
SHA1: 01bfe969cb93646e87ce25281911be186e21ba64
SHA256: 61bfcfe14915e7109a4544e385779dd585a222d9e7d41133148eef25019e10da
SHA512: bec3559d70ceb0eec94e2b5eb8aeedebb28d6eedeca3d1fed74119163868ca312b9b672ec3e7e1b02c6614dae12d20a2e2b393df8268729c676ea0d5c98efe8a
SSDEEP: 768:wnEQpllh7tAafroiianGoHoJ+yWWn0WhteDp:nQJh7Lro4ntD+0Aup
Malware Config
Signatures

Checks processor information in registry: 2 TTPs, 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Enumerates system info in registry: 2 TTPs, 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener: 1 IoCs
pid | Process
2592 | EXCEL.EXE

Suspicious use of SetWindowsHookEx: 12 IoCs
pid | Process
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE
2592 | EXCEL.EXE

Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\61bfcfe14915e7109a4544e385779dd585a222d9e7d41133148eef25019e10da.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 2592