Analysis
-
max time kernel
101s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
19-07-2024 05:31
General
-
Target
Examples/Knapsack Example.xlsx
-
Size
12KB
-
MD5
fd016914729be655cb2262f20c5ae999
-
SHA1
fe02e3d0a2bf630081b373db808325620f9ef5fd
-
SHA256
01c15f8963ff6013d5d223483c39f41e5eb15c2d289316c5383b938cbb825afe
-
SHA512
299c2ff2346533992da25082a13c71e51862ced4c0deee6b0a144b4eaa6e6f118a1d765525227a5e5c08dffce049c8f3f28b4a2d8275dbdf4613cada1f67cd60
-
SSDEEP
192:RU4YVMaSjIJ6+TrTlcplrFBkjI4WjP91JYntTyC9/Po:C4YVMFIJPzyYjI4WjP9HYntT5o
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Examples\Knapsack Example.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-msFilesize
3KB
MD59210afb91a131e2f181cf04a4c6c9dc6
SHA1c2723a3f4767744a69be54e7d7ae76089a08ca06
SHA2564f8219256c68f25d36d3a10bcb4eae2bc004754eae5529aeeebeb4382e4d999e
SHA51226fb92105fd883819ca5132f16158f4812f856212cd5a92799b4b82df47568563a82c3c45fbb44e0692e5819495731cb4607a74cc90ea17cfb9885124d45fff9
-
memory/3636-7-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-59-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-6-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-4-0x00007FFAD954D000-0x00007FFAD954E000-memory.dmpFilesize
4KB
-
memory/3636-3-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-8-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-0-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-10-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-12-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-11-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-13-0x00007FFA97330000-0x00007FFA97340000-memory.dmpFilesize
64KB
-
memory/3636-9-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-5-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-1-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-38-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-17-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-19-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-18-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-14-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-20-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-2-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-16-0x00007FFAD94B0000-0x00007FFAD96A5000-memory.dmpFilesize
2.0MB
-
memory/3636-55-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-56-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-58-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-57-0x00007FFA99530000-0x00007FFA99540000-memory.dmpFilesize
64KB
-
memory/3636-15-0x00007FFA97330000-0x00007FFA97340000-memory.dmpFilesize
64KB