Analysis
-
max time kernel
43s -
max time network
44s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
23-07-2024 22:15
Behavioral task
behavioral1
Sample
adc6fcbeb34fae4aaa40735a45f67c921fd400b4a0b68f64593fa83b17a5f52d.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
adc6fcbeb34fae4aaa40735a45f67c921fd400b4a0b68f64593fa83b17a5f52d.xls
Resource
win10v2004-20240709-en
General
-
Target
adc6fcbeb34fae4aaa40735a45f67c921fd400b4a0b68f64593fa83b17a5f52d.xls
-
Size
46KB
-
MD5
8384ec9a5e86dccbcbe89c3783c488df
-
SHA1
451704ad871c815be69887bf36a5335897904d53
-
SHA256
adc6fcbeb34fae4aaa40735a45f67c921fd400b4a0b68f64593fa83b17a5f52d
-
SHA512
e331a7725d51a414c796c788f9f688b795165d137d53f09efdbfe770233242943bd1a285f4fc680393df830e75ca56e6f3a01c0be56e768040aa21bf75a07f76
-
SSDEEP
768:Mtvo+wzZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJ/5afReXA:8ok3hbdlylKsgqopeJBWhZFGkE+cL2ND
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |
Enumerates system info in registry 2 TTPs 3 IoCs
| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
Suspicious behavior: AddClipboardFormatListener 1 IoCs
| pid | Process |
| --- | --- |
| 1464 | EXCEL.EXE |
Suspicious use of SetWindowsHookEx 12 IoCs
| pid | Process |
| --- | --- |
| 1464 | EXCEL.EXE |
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\adc6fcbeb34fae4aaa40735a45f67c921fd400b4a0b68f64593fa83b17a5f52d.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1464