Overview
overview
10Static
static
319979.exe
windows7-x64
1019979.exe
windows10-2004-x64
10Factura_855.pdf.exe
windows7-x64
10Factura_855.pdf.exe
windows10-2004-x64
7qfmjhb.exe
windows7-x64
3qfmjhb.exe
windows10-2004-x64
3Fattura_855.pdf.exe
windows7-x64
10Fattura_855.pdf.exe
windows10-2004-x64
7gocbcx.exe
windows7-x64
3gocbcx.exe
windows10-2004-x64
3IoC/MIL000...0.xlsm
windows7-x64
3IoC/MIL000...0.xlsm
windows10-2004-x64
1IoC/PO.xlsx
windows7-x64
8IoC/PO.xlsx
windows10-2004-x64
1PO_2022-04-33981.exe
windows7-x64
3PO_2022-04-33981.exe
windows10-2004-x64
10IoC/Pagamento.xlsx
windows7-x64
8IoC/Pagamento.xlsx
windows10-2004-x64
1IoC/SHIPPI...TS.rtf
windows7-x64
8IoC/SHIPPI...TS.rtf
windows10-2004-x64
3SMK_29082022.exe
windows7-x64
10SMK_29082022.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
21-11-2024 20:05
Static task
static1
Behavioral task
behavioral1
Sample
19979.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
19979.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Factura_855.pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Factura_855.pdf.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
qfmjhb.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
qfmjhb.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Fattura_855.pdf.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Fattura_855.pdf.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
gocbcx.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
gocbcx.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
IoC/MIL0000640730.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
IoC/MIL0000640730.xlsm
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
IoC/PO.xlsx
Resource
win7-20240729-en
Behavioral task
behavioral14
Sample
IoC/PO.xlsx
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
PO_2022-04-33981.exe
Resource
win7-20241010-en
Behavioral task
behavioral16
Sample
PO_2022-04-33981.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
IoC/Pagamento.xlsx
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
IoC/Pagamento.xlsx
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
IoC/SHIPPING DOCUMENTS.rtf
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
IoC/SHIPPING DOCUMENTS.rtf
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
SMK_29082022.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
SMK_29082022.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
General
-
Target
IoC/PO.xlsx
-
Size
673KB
-
MD5
916e97845046785cd1cecd13eb9066cb
-
SHA1
10482433036f11039984f19c754bb75118fee761
-
SHA256
4746681c92d6308c66e76d7ffc022d7fd91b91e364c3909875555dc13c13f28f
-
SHA512
9e9b992540e71970b3f64195e34bcbb4447f2dee690aea11a8ae4636a69e9ad16c27f43a927b5cd8b1178b9201dd460569882ee7ddf192fdb45cc3edcc8e38be
-
SSDEEP
12288:4HukDNlkQ4jffozcmljqcp25wqI/FMhVRCByJb0vpFP2srFVc7B2YCeNtRi5:Kv4j7TWQwqwF4IFb/c7BaUi5
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
EXCEL.EXEdescription ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
EXCEL.EXEdescription ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXEpid Process 2124 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
Processes:
EXCEL.EXEpid Process 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE 2124 EXCEL.EXE -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\IoC\PO.xlsx"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2124