Analysis
max time kernel: 47s
max time network: 35s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-07-2024 21:45
Behavioral task: behavioral1
Sample: 902ae5af92e9b991608119a286691fc8a0eaeb6eaffab73a05aeddaf19f42da7.xls
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 902ae5af92e9b991608119a286691fc8a0eaeb6eaffab73a05aeddaf19f42da7.xls
Resource: win10v2004-20240709-en
General
Target: 902ae5af92e9b991608119a286691fc8a0eaeb6eaffab73a05aeddaf19f42da7.xls
Size: 217KB
MD5: 68637ce70344b699118ecc6911a4d604
SHA1: 2deb03b8b0cc94ae4afdded07c413f5042b11450
SHA256: 902ae5af92e9b991608119a286691fc8a0eaeb6eaffab73a05aeddaf19f42da7
SHA512: 56a4853173335f3791e3e1c6b076112005fb29cee97b8b5a9d90e0286c44f982fbae3b2ac38cb4e18ae00efc11dac86727744deb06b797c9aa120de1d4d33be3
SSDEEP: 6144:QnFPRnKYqUaAMOwm8m/5DJfxNfHIxEtjPOtioVjDGUU1qfDlavx+W/IE3pqfr0:N
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
2028 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (13 IoCs)
pid | Process
2028 | EXCEL.EXE (repeated 13 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\902ae5af92e9b991608119a286691fc8a0eaeb6eaffab73a05aeddaf19f42da7.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 2028
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize: 1KB
MD5: cff322f148007a72804fe3605de16d2e
SHA1: 73fb6a92f595b1ecb6da017f2787dbfef8d11ff7
SHA256: 25e081cb4fa5f89f02cbf84cd3711ee0ec2419b2f41fab9f4a55686f959cd715
SHA512: e80c151df6acec62d75e183dfca758fd0b3eb8fc2650b8e7d07eeaa4e0a5b8713277c560923ac590c520a97da678a8339ee8c8e991f798e495357acf5cb52abe