68aa3dc595e24aff85aab47dbfd01e382b41e072357aebec61f75faf0d311828

General

Target

68aa3dc595e24aff85aab47dbfd01e382b41e072357aebec61f75faf0d311828.xls
Size

33KB
MD5

00d5eddf80a010f24ff5cfc34f6ca39e
SHA1

ca5610ffd7afb3096e313fd77cb996aadc94e439
SHA256

68aa3dc595e24aff85aab47dbfd01e382b41e072357aebec61f75faf0d311828
SHA512

6c577d3247764319bcc44b714772d51ada7622a86eaab01b9e0612f662de13e8cdbf2cbcdc66e8c2fef071aeff4f665ba889dcb0e2615c855b881bb71e3fd275
SSDEEP

768:wkrk3hOdsylKlgxopeiBNhZFGzE+cL4LglnAZnLoedum8io:pk3hOdsylKlgxopeiBNhZFGzE+cL4LgV

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2564	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE
2564	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\68aa3dc595e24aff85aab47dbfd01e382b41e072357aebec61f75faf0d311828.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
36d6221e264118c008d71f17d520b716

SHA1
685c1b0a5f8e7561b524a668cd6b5e5f2d119e2e

SHA256
edcc9dba7dd8243fada1675c08fa9cc8a060f6155bfbed566b7d28762b45224e

SHA512
591c31c302da6f803913574aa531822bbd4dbca7318e0ec65e86c030ec2303598bd6bcd2a6049c37e15824a756ad4628dc1bc136980a7925e8d869ffbe1d5145

Download Submit
memory/2564-21-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-5-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/2564-14-0x00007FF8202B0000-0x00007FF8202C0000-memory.dmp

Filesize
64KB

Download
memory/2564-0-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/2564-2-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/2564-8-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-9-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-10-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-11-0x00007FF8202B0000-0x00007FF8202C0000-memory.dmp

Filesize
64KB

Download
memory/2564-7-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-13-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-12-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-6-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-16-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-15-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-17-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-4-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/2564-20-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-3-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/2564-23-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-22-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-19-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-18-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-34-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-33-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-43-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-44-0x00007FF86262D000-0x00007FF86262E000-memory.dmp

Filesize
4KB

Download
memory/2564-45-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-46-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-48-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-47-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-50-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-49-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-51-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-52-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/2564-1-0x00007FF86262D000-0x00007FF86262E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads