Analysis
max time kernel: 46s
max time network: 41s
platform: windows10-2004_x64
resource: win10v2004-20250314-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/03/2025, 21:49
Behavioral task: behavioral1
Sample: 3356322ba640e9dac21425b1f781e599684a4a380a250b4b98c50fec92407078.xls
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3356322ba640e9dac21425b1f781e599684a4a380a250b4b98c50fec92407078.xls
Resource: win10v2004-20250314-en
General
Target: 3356322ba640e9dac21425b1f781e599684a4a380a250b4b98c50fec92407078.xls
Size: 8.1MB
MD5: 3e0a5c8b2a9736404b2da198615d6b05
SHA1: 7fbd8391cb2f5ff4890e352f9a847a88aeaae8a9
SHA256: 3356322ba640e9dac21425b1f781e599684a4a380a250b4b98c50fec92407078
SHA512: d0cb14a3a6799f24772d1088af2e30ee3deea37be54decfefec202c2122e870744ae71078f748d81644fef9605fe33c7ec0754bf394c0c200d6cefc789dc60da
SSDEEP: 196608:7odQp9wCBwVDEnx2m1Cf9bDZnhst4axqEyol0S8hJMcxx:6AmCBKo2ppZn6t4aCov8Tbxx
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
4468 | EXCEL.EXE
Suspicious use of FindShellTrayWindow (2 IoCs)
pid | Process
4468 | EXCEL.EXE
4468 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
4468 | EXCEL.EXE (listed 12 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3356322ba640e9dac21425b1f781e599684a4a380a250b4b98c50fec92407078.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID: 4468
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize: 2KB
MD5: 42a31361e79d75799d852ef0d216a202
SHA1: 1e63c7ea38904fe59a1b4a8ca6e8129f0ceb7653
SHA256: dbbfb10186345c59bf5f6e27317930ae66686b46ed78d6c536f3e98129089be1
SHA512: fc122f3ef8c31ade7a260e38460eb9552d327edd666e7b6ab47ad99442c2d81601a18d0628b03067235c2c287ec42f17617bcd9a85cc3e7cb56462bf243d87a8