Analysis
- max time kernel: 47s
- max time network: 38s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24-07-2024 21:25
Behavioral task
behavioral1
Sample
4d46cc69b5b449a6fc9b73d067e117d7f231626a76de61dd46772b5d5df1f9e5.xls
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4d46cc69b5b449a6fc9b73d067e117d7f231626a76de61dd46772b5d5df1f9e5.xls
Resource
win10v2004-20240704-en
General
- Target: 4d46cc69b5b449a6fc9b73d067e117d7f231626a76de61dd46772b5d5df1f9e5.xls
- Size: 3.7MB
- MD5: 70942019011a5362ad1bdb87fdda5dc3
- SHA1: f4276054c838f58fd1f11700372751a2b732d54b
- SHA256: 4d46cc69b5b449a6fc9b73d067e117d7f231626a76de61dd46772b5d5df1f9e5
- SHA512: a2d49ef7bddcd5425751015651cbd6ac6d52dc71d34a6f665e8d8bba3cf8de20c9a243a2889d1c864151939c6d14bccbb2e1121ff37f0279ff31375c9a10b963
- SSDEEP: 98304:ijuG8NTCp6GOjEiwDjOc0PxoHpslWdAi75Z9z/7M9gp:ijuGuTCpBO5OjOc0SJb5FZ9zDMGp
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
4548 | EXCEL.EXE

Suspicious use of SetWindowsHookEx (13 IoCs)
pid | Process
4548 | EXCEL.EXE (13 identical entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4d46cc69b5b449a6fc9b73d067e117d7f231626a76de61dd46772b5d5df1f9e5.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4548
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
- Filesize: 3KB
- MD5: a86f7f6ad3fa45efb35b3918b6bbcfd8
- SHA1: f79a5729e2bba4b8a77ff2265b065a68b8182e52
- SHA256: 982f4343d822212472a869094578549dbfd62ae460310e4ffe043c9a3a11574b
- SHA512: e2e6c5c5fb4fad4c1fb2ffdb1f7aa12d10f451b59eb22cab6d65ce7d42639875749f877a82a3d73e741a1040edc18386a777e57a1f02005bf57eb0e9788642bc