Malware Analysis Report

2025-01-17 23:30

Sample ID 240603-qym42shg26
Target Exported Data(5).csv
SHA256 fd62ac86f5e2da4b3da3cb884f12fea79156ef2c8427a6a86258c88cfa98244e
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

fd62ac86f5e2da4b3da3cb884f12fea79156ef2c8427a6a86258c88cfa98244e

Threat Level: No (potentially) malicious behavior was detected

The file Exported Data(5).csv was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:40

Reported

2024-06-03 13:44

Platform

win11-20240508-en

Max time kernel

146s

Max time network

194s

Command Line

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Exported Data(5).csv"

Signatures

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Processes

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Exported Data(5).csv"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | roaming.officeapps.live.com | udp
GB | 52.109.28.47:443 | roaming.officeapps.live.com | tcp
US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 47.28.109.52.in-addr.arpa | udp
US | 52.111.229.19:443 | (none) | tcp

Files

memory/3456-0-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-1-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-2-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-3-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-4-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-5-0x00007FFD4DBA3000-0x00007FFD4DBA4000-memory.dmp

memory/3456-7-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-6-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-9-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-8-0x00007FFD0B430000-0x00007FFD0B440000-memory.dmp

memory/3456-10-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-11-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-13-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-14-0x00007FFD0B430000-0x00007FFD0B440000-memory.dmp

memory/3456-18-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-15-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-12-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-17-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-16-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-20-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-19-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-28-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp

memory/3456-37-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-38-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-40-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-39-0x00007FFD0DB90000-0x00007FFD0DBA0000-memory.dmp

memory/3456-41-0x00007FFD4DB00000-0x00007FFD4DD09000-memory.dmp