Analysis
- max time kernel: 46s
- max time network: 37s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-07-2024 21:48
Behavioral task: behavioral1
- Sample: 55a78e4c2f59100d881daeff60f1d5a70a7f5b15b3126c1bdf670f3437163f9f.xls
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: 55a78e4c2f59100d881daeff60f1d5a70a7f5b15b3126c1bdf670f3437163f9f.xls
- Resource: win10v2004-20240709-en
General
- Target: 55a78e4c2f59100d881daeff60f1d5a70a7f5b15b3126c1bdf670f3437163f9f.xls
- Size: 216KB
- MD5: 2d243529f761d17f318bb8f323353f2c
- SHA1: 6f2a9b6aedf2ca82029922ac8a228cd4a80f069c
- SHA256: 55a78e4c2f59100d881daeff60f1d5a70a7f5b15b3126c1bdf670f3437163f9f
- SHA512: 4f9459b6cbd86903e22cc6d8cf0d048430374f2d0832f668993cb4e2c30926aa4123703408ae8a8a75cd4883b894540bb03da106675d8aa4724e5f93f6195a60
- SSDEEP: 6144:enFPRnKYqUaAMOwm8m/5DJfxZfHIxEtjPOtioVjDGUU1qfDlavx+W/IE3uqeFk:E
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: EXCEL.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: EXCEL.EXE)
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
- pid 4760, Process: EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
- pid 4760, Process: EXCEL.EXE (the same entry is listed for each of the 12 IoCs)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\55a78e4c2f59100d881daeff60f1d5a70a7f5b15b3126c1bdf670f3437163f9f.xls"
PID: 4760
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
- Filesize: 667B
- MD5: 4f08cf6fa83a0af5cb10c12a293f1548
- SHA1: bdfe98e5e2446d273ec9bc1394d9a398c2232920
- SHA256: 570b30d407f65875db3a8ee57e087b353d77b6dd63fb05940db7a2982181a617
- SHA512: 7f8421fdc4ebd1ae15cf07e4b5fd40360965e3c13c65463107ebe788e5875d45bf7916963906153e0366124ae0b1f453ec8e6f77df51f55f2a3cf9c773f97ca5