Analysis
- max time kernel: 148s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system
- submitted: 26-05-2024 16:22
Static task
- static1

Behavioral tasks (task: sample; resource)
- behavioral1: New Setup File/Setup.exe; win7-20240221-en
- behavioral2: New Setup File/Setup.exe; win10v2004-20240508-en
- behavioral3: New Setup File/WebView2Loader.dll; win7-20240215-en
- behavioral4: New Setup File/WebView2Loader.dll; win10v2004-20240508-en
- behavioral5: New Setup File/sasquatch.xlsx; win7-20240419-en
- behavioral6: New Setup File/sasquatch.xlsx; win10v2004-20240426-en
- behavioral7: New Setup File/x64/AzureKeyVaultDgssLib.dll; win7-20240221-en
- behavioral8: New Setup File/x64/AzureKeyVaultDgssLib.dll; win10v2004-20240508-en
- behavioral9: New Setup File/x64/BugReporter.exe; win7-20240419-en
- behavioral10: New Setup File/x64/BugReporter.exe; win10v2004-20240426-en
- behavioral11: New Setup File/x64/ComExtractor.exe; win7-20240221-en
- behavioral12: New Setup File/x64/ComExtractor.exe; win10v2004-20240426-en
- behavioral13: New Setup File/x64/HDHelper_[0MB]_[1].exe; win7-20240508-en
- behavioral14: New Setup File/x64/HDHelper_[0MB]_[1].exe; win10v2004-20240426-en
- behavioral15: New Setup File/x64/Microsoft.Toolkit.Win32.UI.XamlHost.dll; win7-20231129-en
- behavioral16: New Setup File/x64/Microsoft.Toolkit.Win32.UI.XamlHost.dll; win10v2004-20240508-en
- behavioral17: New Setup File/x64/NvStereoUtilityOGL_[1MB]_[1].exe; win7-20240508-en
- behavioral18: New Setup File/x64/NvStereoUtilityOGL_[1MB]_[1].exe; win10v2004-20240226-en
- behavioral19: New Setup File/x64/VSLauncher_[0MB]_[1].exe; win7-20240508-en
- behavioral20: New Setup File/x64/VSLauncher_[0MB]_[1].exe; win10v2004-20240508-en
- behavioral21: New Setup File/x64/WinUiBootstrapper.dll; win7-20240508-en
- behavioral22: New Setup File/x64/WinUiBootstrapper.dll; win10v2004-20240426-en
- behavioral23: New Setup File/x64/api-ms-win-core-console-l1-1-0.dll; win10v2004-20240426-en
- behavioral24: New Setup File/x64/api-ms-win-core-console-l1-2-0.dll; win10v2004-20240426-en
- behavioral25: New Setup File/x64/api-ms-win-core-datetime-l1-1-0.dll; win10v2004-20240508-en
- behavioral26: New Setup File/x64/api-ms-win-core-debug-l1-1-0.dll; win10v2004-20240426-en
- behavioral27: New Setup File/x64/api-ms-win-core-errorhandling-l1-1-0.dll; win10v2004-20240508-en
- behavioral28: New Setup File/x64/api-ms-win-core-fibers-l1-1-0.dll; win10v2004-20240508-en
- behavioral29: New Setup File/x64/api-ms-win-core-file-l1-1-0.dll; win10v2004-20240426-en
- behavioral30: New Setup File/x64/api-ms-win-core-file-l1-2-0.dll; win10v2004-20240508-en
- behavioral31: New Setup File/x64/api-ms-win-core-file-l2-1-0.dll; win10v2004-20240226-en
- behavioral32: New Setup File/x64/api-ms-win-core-handle-l1-1-0.dll; win10v2004-20240426-en
General
- Target: New Setup File/sasquatch.xlsx
- Size: 1.4MB
- MD5: 9a729e45ce98559ded4824e806035152
- SHA1: 0a351653ed9038e33f184b7f34422929c3dc3b54
- SHA256: a7c9e90e0c4783b0a3617b40e927517fde7e6f427ac8707ec4b910069c0554e1
- SHA512: 52c190c4ba7e502964a262a432491db144324b2fde6249be928bf510c07aa4f30b13a36715d6d83bf6454f405a1a5dd299a264f222b8bbdb1069e6920c2fb96a
- SSDEEP: 24576:TsBtY2iDN++2P626SSOsyMMDVVqX8aXs99AffGWM9xFW2rZQCRVmxDtrd6JAMCb:TsDsDmyOsqDHmc992TM9S2rSKVmsCNb
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: EXCEL.EXE
  description; ioc; process
  Key opened; \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0; EXCEL.EXE
  Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz; EXCEL.EXE
  Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString; EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: EXCEL.EXE
  description; ioc; process
  Key opened; \REGISTRY\MACHINE\Hardware\Description\System\BIOS; EXCEL.EXE
  Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily; EXCEL.EXE
  Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU; EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  Processes: EXCEL.EXE
  pid; process
  4324; EXCEL.EXE
- Suspicious use of SetWindowsHookEx (9 IoCs)
  Processes: EXCEL.EXE
  pid; process
  4324; EXCEL.EXE (listed 9 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\New Setup File\sasquatch.xlsx"
  PID: 4324
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx