Analysis
-
max time kernel
101s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system -
submitted
25/09/2024, 12:20
Static task
static1
Behavioral task
behavioral1
Sample
f783d085f12c08c5ff46cc1acc4db5aaa2a122ddd4d6e0544e991d7c98d7fbdf.xlsx
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
f783d085f12c08c5ff46cc1acc4db5aaa2a122ddd4d6e0544e991d7c98d7fbdf.xlsx
Resource
win10v2004-20240802-en
General
-
Target
f783d085f12c08c5ff46cc1acc4db5aaa2a122ddd4d6e0544e991d7c98d7fbdf.xlsx
-
Size
8KB
-
MD5
3c441a74f9466793ebedad4151ac2155
-
SHA1
d9de29ad2f817722afc6895c35611b9fe8a08c4a
-
SHA256
f783d085f12c08c5ff46cc1acc4db5aaa2a122ddd4d6e0544e991d7c98d7fbdf
-
SHA512
b4525531f6b0efc652f2f091eafce9db859b8bd8a678bcf1810d7a81460f161cd8d97b61dd86fc284a70902b4f1d13cf45270c17d02d3e18e0f54088e5276994
-
SSDEEP
192:wc8mVrb3UrodVBSkhAg2fvOQfYHD8ttJbDIXijZkl:wc313aibZ2fvflthKiVkl
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
1600 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid | Process
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
1600 | EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\f783d085f12c08c5ff46cc1acc4db5aaa2a122ddd4d6e0544e991d7c98d7fbdf.xlsx"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1600
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize 3KB
MD5 4186684a2446755ea018480dcc8fdd12
SHA1 a3bb26b66d7b93af84841cd8f13abe097eb10093
SHA256 4cc0739b8cec6f762ead391e08519dbb47c86eedd17d70f44ee22efd2de91a68
SHA512 376f0b3afc1f84d3fef336c22e8f3862e5b597851b922140596d41b291bd837385dfdbee7c662fbd4ce6336b82ea627b68316712dea88cf39985810b748cbb22