26da8ebb14184edf1c85c0d5981d81e441847856cdac50d5efe108a5e3424829

General

Target

tmp/26da8ebb14184edf1c85c0d5981d81e441847856cdac50d5efe108a5e3424829.xls
Size

301KB
MD5

27307aea0f6f1b4b37f1e9949710d6f1
SHA1

249f3fe9f387feb6abf8323043705d367063b1aa
SHA256

26da8ebb14184edf1c85c0d5981d81e441847856cdac50d5efe108a5e3424829
SHA512

e6847c0c946dfafbc57c2933af0e6fb4e32b44edab75a0750509c9b3b16331b0b3a4db1a9bf247d86f8d47ea2365c6e4f32d2cf36d093db9c2e4fe8b920285ae

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEMusNotification.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MusNotification.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MusNotification.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

628 EXCEL.EXE
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

MusNotification.exe

description pid process

Token: SeShutdownPrivilege 1476 MusNotification.exe
Token: SeCreatePagefilePrivilege 1476 MusNotification.exe

description	pid	process
Token: SeShutdownPrivilege	1476	MusNotification.exe
Token: SeCreatePagefilePrivilege	1476	MusNotification.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

EXCEL.EXE

pid	process
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE
628	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\tmp\26da8ebb14184edf1c85c0d5981d81e441847856cdac50d5efe108a5e3424829.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:628

C:\Windows\system32\MusNotification.exe
C:\Windows\system32\MusNotification.exe
1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1476

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/628-130-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-131-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-132-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-133-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-134-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-135-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-136-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-137-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-138-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-139-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-140-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-141-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-142-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-143-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-144-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-145-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-146-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-147-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-148-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-149-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-151-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-152-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-150-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-153-0x00000289C1C90000-0x00000289C1C92000-memory.dmp

Filesize
8KB

Download
memory/628-154-0x00000289C1C90000-0x00000289C1C94000-memory.dmp

Filesize
16KB

Download
memory/628-155-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-157-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-156-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-158-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-159-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-160-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-161-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-162-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-163-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-164-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-165-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-166-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-167-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-168-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-169-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-170-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-171-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-172-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-173-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-174-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-175-0x00000289C1C90000-0x00000289C1C96000-memory.dmp

Filesize
24KB

Download
memory/628-176-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-177-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-178-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download
memory/628-179-0x00007FF9ED5B0000-0x00007FF9ED5C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads