Overview
overview
10Static
static
104072025_1...ft.exe
windows10-2004-x64
10ExamplesJe...ed.xls
windows10-2004-x64
1TvcomFreig...rs.xls
windows10-2004-x64
1TvcomFreig...es.xls
windows10-2004-x64
1TvcomFreight/Euro.xls
windows10-2004-x64
1TvcomFreig...er.xls
windows10-2004-x64
1TvcomFreig...on.xls
windows10-2004-x64
1TvcomFreight/V.xls
windows10-2004-x64
1Analysis
-
max time kernel
108s -
max time network
220s -
platform
windows10-2004_x64 -
resource
win10v2004-20250610-en -
resource tags
arch:x64arch:x86image:win10v2004-20250610-enlocale:en-usos:windows10-2004-x64system -
submitted
04/07/2025, 12:06
Static task
static1
Behavioral task
behavioral1
Sample
04072025_1206_ChristopherCraft.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
ExamplesJennifer/Enjoyed.xls
Resource
win10v2004-20250619-en
Behavioral task
behavioral3
Sample
TvcomFreight/Browsers.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral4
Sample
TvcomFreight/Closes.xls
Resource
win10v2004-20250619-en
Behavioral task
behavioral5
Sample
TvcomFreight/Euro.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral6
Sample
TvcomFreight/Observer.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral7
Sample
TvcomFreight/Opinion.xls
Resource
win10v2004-20250502-en
Behavioral task
behavioral8
Sample
TvcomFreight/V.xls
Resource
win10v2004-20250502-en
General
-
Target
TvcomFreight/Euro.xls
-
Size
94KB
-
MD5
d469b9ac05657dcc68db99926bcef248
-
SHA1
0f806e115a21ae525576c38ec249edc2a7c7b7c5
-
SHA256
a87eca97001728a9f08f7a01e4af5962315a31206757bbd844ee132f1b284b77
-
SHA512
0a4ddbeddb2931c545f7c9924e42679298457b6f7336196d0608c6ba4337666e74abd7aa480c1e692e0d516cc8738cf9f2d3bb1989dd4d01408bc536c4ffe3d4
-
SSDEEP
1536:l1Ya1SAMLBBQphS4gdNrGs3juRXmGUZdXaEUlw0zpL94L+MRaswtubvj1p5Giur:lPYFephrujuRUXaxm00K0aswt+71pXW
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 3492 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE 3492 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\TvcomFreight\Euro.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3492
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize1KB
MD50fd21ac973ed034036cd64616c6c15b9
SHA1b5e7b07df814049e212186d855b2b424635a9a3d
SHA256335ca27bb7a2f97e2184f2611ac42e2577575938e360c05d3048110ec7e70fd9
SHA5125eb449ed0e11e078a29ef9e00eb56bbcc438f60c5bff668074f1011268e47936530ba6cd695395b08be3a904fa2543473beb0bf8de05d789570ed95003c95cef