283354922c7d5016e50c2fa98c702b9f7ffd94010cf519fb22ade851f830202a

General

Target

2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd.xlsm
Size

87KB
MD5

5862ac9976cba84fe24e72dd6380d330
SHA1

a1605db9c23eeb3f49958447023d9ff85df14b34
SHA256

2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd
SHA512

4e1d2bfbb72c4351046e739155297368600430cb1e891822063983b1aa98b5d4396bbc7673623b71dbbadb1dfbe279864c5cc4e3a4afb06d1d709b1b2493d8f0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEEXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEEXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

EXCEL.EXEEXCEL.EXE

pid process

664 EXCEL.EXE
2236 EXCEL.EXE
Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

EXCEL.EXEEXCEL.EXE

pid process

664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
664 EXCEL.EXE
2236 EXCEL.EXE
2236 EXCEL.EXE

pid	process
664	EXCEL.EXE
2236	EXCEL.EXE

pid	process
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
664	EXCEL.EXE
2236	EXCEL.EXE
2236	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2284

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\2c09d3a56963998d19833b6edbdfbc3e58b62a58ca361e0275b81de740d6afdd.xlsb"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2236

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
MD5
18fb30d027a36ba44cbd3e5e64461076

SHA1
2dbfb9e5a7e2e7924f59acf4334af97b857a1478

SHA256
7c758c323323b539af43581e044d2cb0ba93d8485177ea6e5e4a688bf0ffcebd

SHA512
68dfed59963c3c5c28162d1c7400233fdc7974d6a1efd5424ec1518fe3479d8000098b5b4b7d552ac2da6d2c28569ac0fd29d7125ba1b5347792bb32647d1e02

Download Submit
memory/664-273-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-114-0x00007FF7F88F0000-0x00007FF7FBEA6000-memory.dmp

Filesize
53.7MB

Download
memory/664-117-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-118-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-121-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-122-0x00007FFACCCE0000-0x00007FFACDDCE000-memory.dmp

Filesize
16.9MB

Download
memory/664-123-0x00007FFACADE0000-0x00007FFACCCD5000-memory.dmp

Filesize
31.0MB

Download
memory/664-274-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-115-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-116-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-271-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/664-272-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/2236-283-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/2236-277-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/2236-278-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/2236-279-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/2236-282-0x00007FFACC930000-0x00007FFACDA1E000-memory.dmp

Filesize
16.9MB

Download
memory/2236-276-0x00007FFAAC630000-0x00007FFAAC640000-memory.dmp

Filesize
64KB

Download
memory/2236-284-0x00007FFACAA30000-0x00007FFACC925000-memory.dmp

Filesize
31.0MB

Download
memory/2236-275-0x00007FF7F88F0000-0x00007FF7FBEA6000-memory.dmp

Filesize
53.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads