Analysis
max time kernel
37s
max time network
40s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted
23-07-2024 22:18
Behavioral task
behavioral1
Sample
b68cfb007a53f826e517a0dfd26e27afe291af7f996607bf3004638bbd62e09b.xls
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b68cfb007a53f826e517a0dfd26e27afe291af7f996607bf3004638bbd62e09b.xls
Resource
win10v2004-20240709-en
General
Target
b68cfb007a53f826e517a0dfd26e27afe291af7f996607bf3004638bbd62e09b.xls
Size
46KB
MD5
01cf067477c5127ff3ddb40af18a5aae
SHA1
9b6a554883d20809f52faaa1e29e7170bfdff4c9
SHA256
b68cfb007a53f826e517a0dfd26e27afe291af7f996607bf3004638bbd62e09b
SHA512
148ee946ee634da79733f5dd9af071e81712da85520f91178ceefac89cc2f0481fa450f634ef64db0848da7b3eb3b0389b8aa1e157fb1d5c70b4e474ff395eb9
SSDEEP
768:jQtvo+hzsk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJli2NxeUY:Uak3hbdlylKsgqopeJBWhZFGkE+cL2Np
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
2644 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
2644 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\b68cfb007a53f826e517a0dfd26e27afe291af7f996607bf3004638bbd62e09b.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2644