Analysis
max time kernel: 35s
max time network: 36s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-07-2024 22:06
Behavioral task: behavioral1
Sample: 0675acd14632bfa70edd05110166d59359c3f60f79a26ce7f2218c3a8a33b900.xls
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 0675acd14632bfa70edd05110166d59359c3f60f79a26ce7f2218c3a8a33b900.xls
Resource: win10v2004-20240709-en
General
Target: 0675acd14632bfa70edd05110166d59359c3f60f79a26ce7f2218c3a8a33b900.xls
Size: 46KB
MD5: 01cee30c6660c691a3df521b882583f6
SHA1: 116f0ab0441edf091496e1fc4103bf734073b19d
SHA256: 0675acd14632bfa70edd05110166d59359c3f60f79a26ce7f2218c3a8a33b900
SHA512: b05e0d55be44975b5dd4c2b1359b4d96250bc7f77de0156ec0eeee61d6db718ad0f2043528cd9400e6395b8728f9854981d8b6b1d8fc833c72f7670279dffc59
SSDEEP: 768:xtvo+/zZk3hbdlylKsgqopeJBWhZFGkE+cL2NdAJgTTlgWbaNc:J1k3hbdlylKsgqopeJBWhZFGkE+cL2Nf
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
2940 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
2940 | EXCEL.EXE (12 identical entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\0675acd14632bfa70edd05110166d59359c3f60f79a26ce7f2218c3a8a33b900.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2940