Analysis
max time kernel
46s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted
02-07-2024 22:02
Behavioral task
behavioral1
Sample
48cc7f02d67c008cdb075b2e62aae4fc199d75e3d508e3ab3b1efc0d6e3cb429.xls
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
48cc7f02d67c008cdb075b2e62aae4fc199d75e3d508e3ab3b1efc0d6e3cb429.xls
Resource
win10v2004-20240611-en
General
Target
48cc7f02d67c008cdb075b2e62aae4fc199d75e3d508e3ab3b1efc0d6e3cb429.xls
Size
37KB
MD5
808902f7caeb651f270d48a6a4dbbcf1
SHA1
3318851f63ac941940a8149d64fc3aa2dac62970
SHA256
48cc7f02d67c008cdb075b2e62aae4fc199d75e3d508e3ab3b1efc0d6e3cb429
SHA512
ea3b6ac6da5c59e504332aade4da1d60c333b75aaa81e5dd87a76c6bbaee31bc660c3cda91e1cf379945b38b4611067c254c35021f91f7fad6290a73f52cd6bf
SSDEEP
384:U7jC/9ziy3oaoU0g3xiS9yFiDoTqP3mFOcxUmAz1Ka2:USziy3oaoU0g3TYqPYTl
Malware Config
Signatures
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXE
description ioc process
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXE
description ioc process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXE
pid process
2376 EXCEL.EXE
Suspicious use of SetWindowsHookEx 12 IoCs
Processes:
EXCEL.EXE
pid process
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
2376 EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\48cc7f02d67c008cdb075b2e62aae4fc199d75e3d508e3ab3b1efc0d6e3cb429.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2376