Analysis
-
max time kernel
36s -
max time network
36s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system -
submitted
23-07-2024 22:12
Behavioral task
behavioral1
Sample
b501ebf24886ae5bc21820b86edf9d6a1c4fc40f6f9e16b70c9bf74f451a92d3.xls
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b501ebf24886ae5bc21820b86edf9d6a1c4fc40f6f9e16b70c9bf74f451a92d3.xls
Resource
win10v2004-20240709-en
General
-
Target
b501ebf24886ae5bc21820b86edf9d6a1c4fc40f6f9e16b70c9bf74f451a92d3.xls
-
Size
36KB
-
MD5
e14ac9bd7daec2fe5b132cb249abb6ea
-
SHA1
e1e28b51582eb1240e532e2d6ffd4b967e6e9a43
-
SHA256
b501ebf24886ae5bc21820b86edf9d6a1c4fc40f6f9e16b70c9bf74f451a92d3
-
SHA512
1e062d00180113ca1aa8fb0cdda47cdf59b8bafa1eedd31f08efa194f2a28a746aa1de8fbfb81b7c9888162cdf9d6b9112feb10ff1a3d1f52a0a7b3f4f8b87da
-
SSDEEP
768:itvo+wzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJTuu9ByX9wat1:Kok3hbdlylKsgqopeJBWhZFGkE+cL2NJ
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
4540 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid | Process
4540 | EXCEL.EXE (same entry for each of the 12 IoCs)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\b501ebf24886ae5bc21820b86edf9d6a1c4fc40f6f9e16b70c9bf74f451a92d3.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4540