Overview
overview
10Static
static
104072025_1...ft.exe
windows10-2004-x64
10ExamplesJe...ed.xls
windows10-2004-x64
1TvcomFreig...rs.xls
windows10-2004-x64
1TvcomFreig...es.xls
windows10-2004-x64
1TvcomFreight/Euro.xls
windows10-2004-x64
1TvcomFreig...er.xls
windows10-2004-x64
1TvcomFreig...on.xls
windows10-2004-x64
1TvcomFreight/V.xls
windows10-2004-x64
1Analysis
-
max time kernel
109s -
max time network
215s -
platform
windows10-2004_x64 -
resource
win10v2004-20250502-en -
resource tags
arch:x64arch:x86image:win10v2004-20250502-enlocale:en-usos:windows10-2004-x64system -
submitted
04/07/2025, 12:06
Static task
static1
Behavioral task
behavioral1
Sample
04072025_1206_ChristopherCraft.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
ExamplesJennifer/Enjoyed.xls
Resource
win10v2004-20250619-en
Behavioral task
behavioral3
Sample
TvcomFreight/Browsers.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral4
Sample
TvcomFreight/Closes.xls
Resource
win10v2004-20250619-en
Behavioral task
behavioral5
Sample
TvcomFreight/Euro.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral6
Sample
TvcomFreight/Observer.xls
Resource
win10v2004-20250610-en
Behavioral task
behavioral7
Sample
TvcomFreight/Opinion.xls
Resource
win10v2004-20250502-en
Behavioral task
behavioral8
Sample
TvcomFreight/V.xls
Resource
win10v2004-20250502-en
General
-
Target
TvcomFreight/Opinion.xls
-
Size
68KB
-
MD5
2b5fcb3cd72546ec42e467574044d822
-
SHA1
253ba53ed24d55c422e38f5bd66ff4448de08c93
-
SHA256
ddfd3dc555d81c08940e0632d7ad5c21891999d4e005361069f8a2beacfd3228
-
SHA512
79d2ffdb33766b62201ee356d5b4ebcdbad9587a2bcc5e33c3dd258fad5a54aaf509668a324a4789ebb6bad0e4a131eebf8822561f2d3a52a4afb9ce9b549e59
-
SSDEEP
1536:v2kPXhF/3aUKqwsmjJXJplfjJGHvSBaM2D56ZRiu8PtAYNufZrOWuG9:v2uxh3nKqwsQfjJGH7M2DAPnqSrOWu8
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 3340 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE 3340 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\TvcomFreight\Opinion.xls"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3340
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize2KB
MD50991107a261c046c2f26ba2db340500c
SHA1aaee9e5bd64497ca769ee74f92246c3c6c6c231b
SHA256207d1d79db5dc0d29a5053422b0c188d9d80f75b1341aa3f06d9762ebf1d3b64
SHA51205c0d862066c1ca1dfddd5dc1f767a64bdbc02bfbbd91d313835377a5692afe7bd1e2adc6deecbc49534579108ce39bfd2d4d6504e75b38bcbcaaa8cdbf3744a