Analysis
max time kernel: 39s
max time network: 42s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
submitted: 23-07-2024 22:08
Behavioral task
behavioral1
Sample
45997ef2eedbf262c4b7bff1efadbdeb83029b67b0ce6cf8896fd83b56a910ff.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
45997ef2eedbf262c4b7bff1efadbdeb83029b67b0ce6cf8896fd83b56a910ff.xls
Resource
win10v2004-20240709-en
General
Target: 45997ef2eedbf262c4b7bff1efadbdeb83029b67b0ce6cf8896fd83b56a910ff.xls
Size: 46KB
MD5: e3a91b401fa7a9d16a17e16e56510eb4
SHA1: 188c345ded8aeed9583d931d6820ff97deb29cf0
SHA256: 45997ef2eedbf262c4b7bff1efadbdeb83029b67b0ce6cf8896fd83b56a910ff
SHA512: d17ee5f4145900c6247a3eb17c61a7ecfa8842514e79d1f7030e5bb94c816ec33b7950c8d639b9a812b2dbe9568e901a07fac54f5972f4dffd57eb2a50815e50
SSDEEP: 768:Rtvo+uzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJKXrDV8QOayw:pyk3hbdlylKsgqopeJBWhZFGkE+cL2NE
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
3256 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
3256 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\45997ef2eedbf262c4b7bff1efadbdeb83029b67b0ce6cf8896fd83b56a910ff.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3256