Analysis
-
max time kernel
14s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
09/11/2024, 21:38
Static task
static1
Behavioral task
behavioral1
Sample
06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
Resource
win10v2004-20241007-en
General
-
Target
06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
-
Size
141KB
-
MD5
f8c0a75209eb7f0906c48bdd9f842439
-
SHA1
d56ce165f1a16ad9ec9d6a741d5b07a196c0300f
-
SHA256
06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c
-
SHA512
bb6c8323c75cf0baea800ad7d797fc3ad2dd3ba2cfcae8a218d80480e68bd0958c870f5e7f28f59f3ce7b970a11b31a3e0be76cb6c4ca7c7a9e631a459b9309d
-
SSDEEP
3072:ZgMhkCtInlwBcjw9EiFj63EKjHDJEnROksRiWiJFRUQO6:UCt2jiEkj2E6JEnRO1Ru
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: EXCEL.EXE
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
description: Key opened | ioc: \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor | Process: EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid: 2060 | Process: EXCEL.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid: 2060 | Process: EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 3 IoCs
pid: 2060 | Process: EXCEL.EXE
pid: 2060 | Process: EXCEL.EXE
pid: 2060 | Process: EXCEL.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2060
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2KB
MD5
ce318cba2666697d3f053e5a2a57792f
SHA1
2768aca25d207d1a5027367075dda9a945f99c98
SHA256
a5646b849f96bcd8753aedcbae21819b67dfe6bc60200aa46145ee6eaeac6d74
SHA512
09661804275b0f70393fff2caeb456d10964fb42ba5485783a25747ca9f4f241dee2ad3431d5588bf9351ec91576aa17000d84ba56b1f522acad988c3be6b821