Analysis
-
max time kernel
46s -
max time network
35s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system -
submitted
23-07-2024 21:43
Behavioral task
behavioral1
Sample
b49098bbfd39aafac96ae008f11d96c029d7087c920f1053f132252e006f6c50.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b49098bbfd39aafac96ae008f11d96c029d7087c920f1053f132252e006f6c50.xls
Resource
win10v2004-20240709-en
General
-
Target
b49098bbfd39aafac96ae008f11d96c029d7087c920f1053f132252e006f6c50.xls
-
Size
234KB
-
MD5
aa47e410e1babdf352403b4e6772d18b
-
SHA1
925bfb8f49073fc82855bb7611d8b720a1da8a2f
-
SHA256
b49098bbfd39aafac96ae008f11d96c029d7087c920f1053f132252e006f6c50
-
SHA512
ef287cccdf2904177bb8c50768c63f47185f872c0ea30435a1c254a4bd202356e945d2c4420cae498ec1889da1c7e0dd7050f171b3cb6e83dfd1431ea1a15e1a
-
SSDEEP
6144:DnFPRnKYqUaAMOwm8m/5DJfxZfHIxEtjPOtioVjDGUU1qfDlavx+W/IE3uqqF2:9
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
2016 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid | Process
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
2016 | EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\b49098bbfd39aafac96ae008f11d96c029d7087c920f1053f132252e006f6c50.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2016
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KYKAKGQ60ZIT0Z9M7CA9.temp
Filesize 674B
MD5 4610cd3c14a4be25cc48f5a5c94f3ebd
SHA1 a8f5ff930da3ae4c1678786eadd9a7e82b860dce
SHA256 bf92cb4f00ea366d177af2fb78fadccedb64eea1352edbf2dc59b2125c0b7249
SHA512 330221f3433f82ba2a2a61cc4064c46d4a74c2b8261ed6b61581bb68c4235cbb1e4886c1a04e76cf0b0f329d23d06c6e62280524ca6e7e6ef498d9600ccde095