Analysis Overview
SHA256
fd62ac86f5e2da4b3da3cb884f12fea79156ef2c8427a6a86258c88cfa98244e
Threat Level: none (no potentially malicious behavior was detected)
Verdict for the file Exported Data(5).csv: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Every signature above fired inside the EXCEL.EXE process launched to open the CSV, the only process recorded in this run; they describe behavior of the Office application itself, not of a payload dropped or spawned by the file, which is consistent with the clean verdict.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:40
Reported
2024-06-03 13:44
Platform
win11-20240508-en
Max time kernel
146s
Max time network
194s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Exported Data(5).csv"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 52.111.229.19:443 | | tcp |
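A triage pass over the registry signature tables and the Network table above, as an added example (Python, not code from the report or from the sandbox vendor). It re-parses the rows exactly as printed, treats the CentralProcessor/BIOS reads as expected telemetry only when the reading image sits under an assumed Office install root, reverses each in-addr.arpa query back to an address, and flags the one TCP destination that was reached without any name being resolved. OFFICE_ROOT, the verdict strings and the padding of the short last network row are this example's own assumptions:

```python
"""Triage rules run over the registry and network tables of this report."""
# Added example, not code from the report or from the sandbox vendor. Both
# tables are copied inline as constructed input. Rule 1: hardware-fingerprint
# reads (CentralProcessor, BIOS keys) are expected telemetry when the reading
# image lives under OFFICE_ROOT (an assumed path) and need review otherwise.
# Rule 2: PTR query names are turned back into addresses so every TCP
# destination can be tied to the DNS traffic; a destination with no name and
# no lookup is flagged direct-to-IP.

OFFICE_ROOT = r"C:\Program Files\Microsoft Office\Root\Office16"  # assumption

REGISTRY_TABLE = r"""
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
"""

NETWORK_TABLE = """
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp |
| US | 52.111.229.19:443 | tcp |
"""


def parse_rows(table, width):
    """Split pipe-table rows into cells; a short row is padded before its last cell.

    The report's final network row has no Domain cell, and padding keeps it
    instead of silently dropping the one direct-to-IP connection.
    """
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < width:
            cells = cells[:-1] + [""] * (width - len(cells)) + cells[-1:]
        rows.append(cells)
    return rows


def classify_registry(rows):
    """Rule 1: verdict per process for hardware-fingerprint registry reads."""
    verdicts = {}
    for _desc, key, process, _target in rows:
        k = key.upper()
        if not any(tag in k for tag in ("\\CENTRALPROCESSOR\\", "\\SYSTEM\\BIOS")):
            continue
        trusted = process.upper().startswith(OFFICE_ROOT.upper() + "\\")
        verdicts[process] = "expected-telemetry" if trusted else "review"
    return verdicts


def ptr_name_to_ip(name):
    """'47.28.109.52.in-addr.arpa' -> '52.109.28.47'; None for non-PTR names."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[: -len(suffix)].split(".")))


def correlate_network(rows):
    """Rule 2: tie each TCP destination to the DNS traffic around it.

    Returns (destinations, orphan_ptr_ips): one dict per TCP destination with
    its name and verdict, plus addresses that were reverse-resolved but never
    appear as a connection in the table.
    """
    forward_names, ptr_ips, tcp = set(), set(), []
    for _country, dest, domain, proto in rows:
        ip, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            ptr_ip = ptr_name_to_ip(domain)
            if ptr_ip:
                ptr_ips.add(ptr_ip)
            else:
                forward_names.add(domain)
        elif proto == "tcp":
            tcp.append((ip, int(port), domain))
    destinations = []
    for ip, port, name in tcp:
        if name and name in forward_names:
            verdict = "resolved"
        elif name:
            verdict = "named-without-lookup"
        else:
            verdict = "direct-to-ip: review"
        destinations.append({"ip": ip, "port": port, "name": name,
                             "ptr_seen": ip in ptr_ips, "verdict": verdict})
    orphan_ptr_ips = ptr_ips - {d["ip"] for d in destinations}
    return destinations, orphan_ptr_ips


if __name__ == "__main__":
    for proc, verdict in classify_registry(parse_rows(REGISTRY_TABLE, 4)).items():
        print(f"registry fingerprint reads by {proc}: {verdict}")
    dests, orphans = correlate_network(parse_rows(NETWORK_TABLE, 4))
    for d in dests:
        print(f"{d['ip']}:{d['port']} name={d['name'] or '-'} ptr_seen={d['ptr_seen']} -> {d['verdict']}")
    print("reverse-resolved but never contacted:", sorted(orphans))
```

Run as a script it reports the Excel image's registry reads as expected telemetry, 52.109.28.47:443 as resolved (forward lookup and PTR both seen), and 52.111.229.19:443 as the direct-to-IP connection to check against Microsoft's published Office 365 endpoint list before escalating. The two addresses that were reverse-resolved but never appear as a connection in the table (40.126.31.67 and 52.111.227.11) are worth checking against the full pcap rather than this summary.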
Files
memory/3456-0-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-1-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-2-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-3-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-4-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-5-0x00007FFD4DBA3000-0x00007FFD4DBA4000-memory.dmp
memory/3456-6-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-7-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-8-0x00007FFD0B430000-0x00007FFD0B440000-memory.dmp
memory/3456-9-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-10-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-11-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-12-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-13-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-14-0x00007FFD0B430000-0x00007FFD0B440000-memory.dmp
memory/3456-15-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-16-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-17-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-18-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-19-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-20-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-28-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-37-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-38-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-39-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-40-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-41-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
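The 27 dump names above follow the pattern memory/&lt;pid&gt;-&lt;index&gt;-0x&lt;start&gt;-0x&lt;end&gt;-memory.dmp, so they can be collapsed into the distinct address ranges that were actually captured. The following is an added example (Python, not part of the report or of the sandbox's own tooling) that does that and reports each range's size, how many dumps were taken of it, and whether it sits inside another listed range; the dump names are copied from the report, the parsing and containment logic are this example's own:

```python
"""Collapse the memory dump names listed under Files into distinct regions."""
# Added example, not part of the report or of the sandbox's own tooling.
# Dump names follow memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp; the
# names below are copied from the report, the grouping and containment logic
# are this example's own.
import re

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# Constructed input: the 27 dump names from the report, in index order.
DUMP_NAMES = """
memory/3456-0-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-1-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-2-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-3-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-4-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-5-0x00007FFD4DBA3000-0x00007FFD4DBA4000-memory.dmp
memory/3456-6-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-7-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-8-0x00007FFD0B430000-0x00007FFD0B440000-memory.dmp
memory/3456-9-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-10-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-11-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-12-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-13-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-14-0x00007FFD0B430000-0x00007FFD0B440000-memory.dmp
memory/3456-15-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-16-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-17-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-18-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-19-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-20-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-28-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
memory/3456-37-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-38-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-39-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-40-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp
memory/3456-41-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp
""".split()


def parse_dump(name):
    """Return pid, index, start and end (as ints) for one dump file name."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    return {"pid": int(m["pid"]), "idx": int(m["idx"]),
            "start": int(m["start"], 16), "end": int(m["end"], 16)}


def summarize_regions(names):
    """Group dumps by (pid, start, end), sorted by address.

    Each region carries its size, the number of dumps taken of it, the dump
    indices, and the start of another listed region that fully contains it
    (None when it is not nested).
    """
    groups = {}
    for d in map(parse_dump, names):
        groups.setdefault((d["pid"], d["start"], d["end"]), []).append(d["idx"])
    regions = [
        {"pid": pid, "start": start, "end": end, "size": end - start,
         "count": len(idxs), "indices": sorted(idxs), "inside": None}
        for (pid, start, end), idxs in sorted(groups.items())
    ]
    for r in regions:
        for other in regions:
            if (other is not r and other["pid"] == r["pid"]
                    and other["start"] <= r["start"] and r["end"] <= other["end"]):
                r["inside"] = other["start"]
    return regions


def format_regions(regions):
    """Render one line per region for a quick read of what was captured."""
    lines = []
    for r in regions:
        note = f"  (inside 0x{r['inside']:016X})" if r["inside"] is not None else ""
        lines.append(f"pid {r['pid']}  0x{r['start']:016X}-0x{r['end']:016X}  "
                     f"{r['size']:>9,d} bytes  x{r['count']}{note}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_regions(summarize_regions(DUMP_NAMES)))
```

On this report's names it yields four ranges: two 64 KiB ranges (0x00007FFD0B430000 dumped twice, 0x00007FFD0DB90000 dumped nine times), one 2,134,016-byte (0x209000) range at 0x00007FFD4DB00000 dumped fifteen times, and a single 4 KiB page at 0x00007FFD4DBA3000 that lies inside that large range. The 27 files therefore cover only four distinct regions of PID 3456.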