Analysis
- max time kernel: 159s
- max time network: 288s
- platform: windows10-2004_x64
- resource: win10v2004-20250619-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/07/2025, 12:06
Static task: static1
Behavioral tasks
- behavioral1: Sample 04072025_1206_ChristopherCraft.exe, Resource win10v2004-20250619-en
- behavioral2: Sample ExamplesJennifer/Enjoyed.xls, Resource win10v2004-20250619-en
- behavioral3: Sample TvcomFreight/Browsers.xls, Resource win10v2004-20250610-en
- behavioral4: Sample TvcomFreight/Closes.xls, Resource win10v2004-20250619-en
- behavioral5: Sample TvcomFreight/Euro.xls, Resource win10v2004-20250610-en
- behavioral6: Sample TvcomFreight/Observer.xls, Resource win10v2004-20250610-en
- behavioral7: Sample TvcomFreight/Opinion.xls, Resource win10v2004-20250502-en
- behavioral8: Sample TvcomFreight/V.xls, Resource win10v2004-20250502-en
General
- Target: ExamplesJennifer/Enjoyed.xls
- Size: 85KB
- MD5: d429c47f0cc10ad4611eca4e3af6b175
- SHA1: 87464cd046524092d076cd8493a87e6ef437164e
- SHA256: 30167494f93fe884630f33d0db988794f24bf7cd1e4677f6b98da99c7fcbe4c5
- SHA512: 4e2c6ce9a3b1ca703874cfba03c74344fc936773a6333cc6b786db828541b3e46b28fedf84591562ab14150587eaa1542b43c41ff45960e8c584d736e2f9b0f0
- SSDEEP: 1536:aWk8z5i/Cn3iTvAp6bRjBz8Ui3ug54wlNvOi8O9qFxgyAzk:d1z0aSD7BBz8H3n54C52E1g
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: EXCEL.EXE)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: EXCEL.EXE)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: EXCEL.EXE)
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
- pid 2612, Process EXCEL.EXE
Suspicious use of SetWindowsHookEx (13 IoCs)
- pid 2612, Process EXCEL.EXE (listed 13 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ExamplesJennifer\Enjoyed.xls"
PID: 2612
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v16
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
- Filesize: 2KB
- MD5: 5001940ac5022c8abe99bc68bc8841a1
- SHA1: df4f78d1e3db20803cd6f781e7be64288806c967
- SHA256: 9b1eea31f2416da178b428d6d164d396c208c2a80ccd7c26b1d531c2abcf8a22
- SHA512: 25755af2593aad0b3bc1f3838c52b155eaa7b9cab220be3f6ae66a4a2cc8104266a25d9c36e317864436cb8b4acd25a03b73a822542d16dba8f42f79be0fa6a8