cfa879cf0a4e4d771307f7b5d802156270de22be2aa0a7b5ab25d131487b2264

General

Target

cfa879cf0a4e4d771307f7b5d802156270de22be2aa0a7b5ab25d131487b2264.xls
Size

205KB
MD5

be533fca0338d2fd1d064acc4eb37705
SHA1

a32d3f01b50f192503149d216179208ecc836200
SHA256

cfa879cf0a4e4d771307f7b5d802156270de22be2aa0a7b5ab25d131487b2264
SHA512

ad696827e723baeaa29d0a74160020e14a8a8eef7476d9a4394387547c318c1c6edad8032c0fc9b0a0f69c2283574b52248f2bdaf9735bdcba9c30f947d890e6
SSDEEP

6144:S9k3hOdsylKlgryzc4bNhZF+E+EgwKYAdP+AK9oEU:SpK

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3668	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE
3668	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\cfa879cf0a4e4d771307f7b5d802156270de22be2aa0a7b5ab25d131487b2264.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VBEEF5.tmp

Filesize
1KB

MD5
a950fcfb38c4bd2aed2ab8de725d0c4f

SHA1
93b21283abc042f7b21a78a4551e98a96bff73a3

SHA256
5474b6db2ec8267733054de176aa0096e5d4a6e656dc9d8766c810528ac8b5c1

SHA512
2ef190c0e1542bcec78f27719b42579fd0f5bb0b3c538c1e8ed3619266b018ba7185e3cf2c2b5a1b6b34cb217596f3e184a6116f418b7792d5d034dcb9915be4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
393B

MD5
5122a1376a03c0dcf3e77b795f83a3ee

SHA1
b1258e4a08038c9b13ff498cbd84b7cc4d011981

SHA256
eeeebaedf82f60cd6a94c875492933b81a8060af0692b67bb8f0c7dd27a01371

SHA512
10fca839a53819a070790fe66b65f72570b1e5a1e3bc8def199e8bc859d81292247a19c7eaa5072be99b89cd4fba82a0d9acb7f26f5400b0b0ae45bbce31badc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
671B

MD5
1e66d3b776aefe56f4e5b75d9abea883

SHA1
700c8699949bfb846b237ae7ec3b2f771714ef8f

SHA256
10d5fcc1954baf5079655d6fd794c64bc37512a87cfce231d290f4ed3c765734

SHA512
aaf5b227e9bd7d8bda3f389cca440320230f5a8e745da36372d72471627283904b5d14fd1d67d254632aa6f79024cfa2a94d18ead92d4d880f7ef6caedc12ea9

Download Submit
memory/3668-23-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-39-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-4-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

Filesize
64KB

Download
memory/3668-6-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-7-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

Filesize
64KB

Download
memory/3668-10-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-9-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-12-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-13-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-11-0x00007FFE24D50000-0x00007FFE24D60000-memory.dmp

Filesize
64KB

Download
memory/3668-8-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-14-0x00007FFE24D50000-0x00007FFE24D60000-memory.dmp

Filesize
64KB

Download
memory/3668-22-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-1-0x00007FFE6712D000-0x00007FFE6712E000-memory.dmp

Filesize
4KB

Download
memory/3668-5-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-38-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-2-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

Filesize
64KB

Download
memory/3668-40-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-37-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-50-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-3-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

Filesize
64KB

Download
memory/3668-68-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-69-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-70-0x00007FFE6712D000-0x00007FFE6712E000-memory.dmp

Filesize
4KB

Download
memory/3668-71-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-72-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-73-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-74-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-75-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-76-0x00007FFE67090000-0x00007FFE67285000-memory.dmp

Filesize
2.0MB

Download
memory/3668-0-0x00007FFE27110000-0x00007FFE27120000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads