Overview
overview
10Static
static
104072025_1...ft.exe
windows10-2004-x64
10ExamplesJe...ed.xls
windows10-2004-x64
1TvcomFreig...rs.xls
windows10-2004-x64
1TvcomFreig...es.xls
windows10-2004-x64
1TvcomFreight/Euro.xls
windows10-2004-x64
1TvcomFreig...er.xls
windows10-2004-x64
1TvcomFreig...on.xls
windows10-2004-x64
1TvcomFreight/V.xls
windows10-2004-x64
1Analysis
-
max time kernel
108s -
max time network
214s -
platform
windows10-2004_x64 -
resource
win10v2004-20250610-en -
resource tags
arch:x64arch:x86image:win10v2004-20250610-enlocale:en-usos:windows10-2004-x64system -
submitted
04/07/2025, 12:06
Static task
static1
Behavioral task
behavioral1
Sample
04072025_1206_ChristopherCraft.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
ExamplesJennifer/Enjoyed.xls
Resource
win10v2004-20250619-en
Behavioral task
behavioral3
Sample
TvcomFreight/Browsers.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral4
Sample
TvcomFreight/Closes.xls
Resource
win10v2004-20250619-en
Behavioral task
behavioral5
Sample
TvcomFreight/Euro.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral6
Sample
TvcomFreight/Observer.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral7
Sample
TvcomFreight/Opinion.xls
Resource
win10v2004-20250502-en
Behavioral task
behavioral8
Sample
TvcomFreight/V.xls
Resource
win10v2004-20250502-en
General
-
Target
TvcomFreight/Observer.xls
-
Size
52KB
-
MD5
44c2060e55b67e3a1e6c1c6d9718732a
-
SHA1
0517ad7625d36b11a8ce2bb8f10d9ff196d5dc20
-
SHA256
c71df96688a046f890fa005f28b89b9a806e4519db689f55914aeb3ac04390e5
-
SHA512
087b07b06a84ea9b93779028aa80423624d8a038d5f8f2e8b57397d2afd2046230d31ede1bf40f1ca778a4af7a8d89d4cddd97fd025fbe0d48dfff3c12465312
-
SSDEEP
1536:o1xroDpYYzJFvVwuYcXIYDj013l3uyv84vcbO:KroWkvq+IYP0vuyv84vcC
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 5944 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE 5944 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\TvcomFreight\Observer.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5944