310769d7aff0d696f15df14ca130026b692322102c5e0214acc4b00c637ef88e

General

Target

310769d7aff0d696f15df14ca130026b692322102c5e0214acc4b00c637ef88e.xls
Size

983KB
MD5

3e8e58ac35e7a3d6ca0dbfe6b2b9052d
SHA1

381c3301965abea5ce44171c42f844ceab36664e
SHA256

310769d7aff0d696f15df14ca130026b692322102c5e0214acc4b00c637ef88e
SHA512

4aa7fa96e6b238c1aa5d0593bc1329eb11b4fdfd56e7879c16306b3f5df86ef88ca3cd6840bdaa2da63b5ea4163beffae34c26bcb58b71caef36efd06239d5c6
SSDEEP

6144:Kk3hOdsylKlgryzc4bNhZF+E+EPUwKYA2/0Hd3f2BLyiBqNKVvPj+aCZilt9E5s4:Av2FTQNKh3C+qqxyt2Kp

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2564	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2564	EXCEL.EXE
2564	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\310769d7aff0d696f15df14ca130026b692322102c5e0214acc4b00c637ef88e.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VB72B0.tmp

Filesize
1KB

MD5
e05ebac52c6762adeea53330c244f454

SHA1
81711d55c2e686bf3f4dc089dcbd275ca8cd98f4

SHA256
56003f714076e0cd175069d874625536af4f7991e5bd02022e95831bef783ace

SHA512
519979333b0bdea8d833191feeaf5a75035204e70aa9f538f4fcc363629af86a03b13610aa36e8d9dc4092f64a8d4fe41069ca883960de4f1f08f6e35b19fd91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
256B

MD5
c6b1a5f0fabb13661274b6680a92fb51

SHA1
fb4f7039b2ebec3cb4437d95d522525294cadccc

SHA256
3187033c928e0b968eba0b2ade93ae172fe40093bb6f99ac4b3f8a0d5fd506d1

SHA512
25138c9e45282406b41ed01d2dc97da4be0db6cb254b8bac28244990065264390c6514d163f95e32993d91d9c77366de8de26440f51ac873da7ac97feff0d221

Download Submit
memory/2564-20-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-3-0x00007FFF45110000-0x00007FFF45120000-memory.dmp

Filesize
64KB

Download
memory/2564-4-0x00007FFF45110000-0x00007FFF45120000-memory.dmp

Filesize
64KB

Download
memory/2564-5-0x00007FFF8512D000-0x00007FFF8512E000-memory.dmp

Filesize
4KB

Download
memory/2564-7-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-8-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-6-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-10-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-12-0x00007FFF42B60000-0x00007FFF42B70000-memory.dmp

Filesize
64KB

Download
memory/2564-11-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-9-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-13-0x00007FFF42B60000-0x00007FFF42B70000-memory.dmp

Filesize
64KB

Download
memory/2564-15-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-18-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-19-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-21-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-17-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-0-0x00007FFF45110000-0x00007FFF45120000-memory.dmp

Filesize
64KB

Download
memory/2564-65-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-14-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-40-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-53-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-44-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-60-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-63-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-62-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-64-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-1-0x00007FFF45110000-0x00007FFF45120000-memory.dmp

Filesize
64KB

Download
memory/2564-16-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-61-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-59-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-58-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-73-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-2-0x00007FFF45110000-0x00007FFF45120000-memory.dmp

Filesize
64KB

Download
memory/2564-90-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download
memory/2564-91-0x00007FFF85090000-0x00007FFF85285000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads