Analysis
max time kernel: 56s
max time network: 59s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 21:38
Static task: static1
Behavioral task: behavioral1
Sample: 06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
Resource: win10v2004-20241007-en
General
Target: 06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls
Size: 141KB
MD5: f8c0a75209eb7f0906c48bdd9f842439
SHA1: d56ce165f1a16ad9ec9d6a741d5b07a196c0300f
SHA256: 06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c
SHA512: bb6c8323c75cf0baea800ad7d797fc3ad2dd3ba2cfcae8a218d80480e68bd0958c870f5e7f28f59f3ce7b970a11b31a3e0be76cb6c4ca7c7a9e631a459b9309d
SSDEEP: 3072:ZgMhkCtInlwBcjw9EiFj63EKjHDJEnROksRiWiJFRUQO6:UCt2jiEkj2E6JEnRO1Ru
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: EXCEL.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: EXCEL.EXE)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: EXCEL.EXE)
Suspicious behavior: AddClipboardFormatListener (1 IoC)
- pid 3552, process EXCEL.EXE
Suspicious use of FindShellTrayWindow (2 IoCs)
- pid 3552, process EXCEL.EXE (listed 2 times)
Suspicious use of SetWindowsHookEx (13 IoCs)
- pid 3552, process EXCEL.EXE (listed 13 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\06f956c0f8307b2acc402fa737ca82bfc6b35c8512a938987e024c945c0e235c.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3552
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 2KB
-
Filesize: 385B
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize: 1KB