993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391

Resubmissions

20/09/2023, 08:26

230920-kbzlnsfa7y 10

02/05/2022, 15:03

220502-se8mraffb7 10

Analysis

max time kernel
140s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2023, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
Size

651KB
MD5

7385a5ddf4b7801cfdf4b4a247ab7837
SHA1

bddc2c8163e976c01be0147f4d5bd32f6e344188
SHA256

993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391
SHA512

02cb71a1f06aeee9a1ef19261b85986bd1dccb29a224e38b26125c98f2adab05d75f17af28f97c98423178a950db23cd9a2530c75cfee2f87f04c0fad3993ec3
SSDEEP

12288:43EnHJTgHDhjtMcTuCg1XQUmnylBa6XN36X0hyZPAv:mEpTOdtMeGOYBa6XN36k8Pc

Score

8^/10

evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly	993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
File created	C:\Windows\assembly\Desktop.ini	993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2132	EXCEL.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3228	993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
2132	EXCEL.EXE
2132	EXCEL.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE
2132	EXCEL.EXE

C:\Users\Admin\AppData\Local\Temp\993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe
"C:\Users\Admin\AppData\Local\Temp\993778c3b7b066778aabbbf4c110d8a965e83394c6358b5655ee4cdbb3996391.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
PID:3228

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\BackupGrant.xla"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wctC469.tmp.VIVELAG

Filesize
63KB

MD5
345a6498825978cc77c26911e2069a1d

SHA1
835e53d912e798a86866e20dabd72ebb292e4c07

SHA256
551f2064cae81c97a92fe2fa8e52362f24f8ba979d5451293bdbea2d0d9c369c

SHA512
f17c3bcf7992ff35c77f3b05b83a6229021c5e27d1a4cf2ebc66935d99296da8022b98053ae3ce245a1f7630f44ad421612b179c43e6e185e8d2df5b822a28fc

Download Submit
memory/2132-97-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-99-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-108-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-107-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-105-0x00007FFD3F510000-0x00007FFD3F520000-memory.dmp

Filesize
64KB

Download
memory/2132-103-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-104-0x00007FFD3F510000-0x00007FFD3F520000-memory.dmp

Filesize
64KB

Download
memory/2132-102-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-96-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-90-0x00007FFD41A50000-0x00007FFD41A60000-memory.dmp

Filesize
64KB

Download
memory/2132-101-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-100-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-88-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-98-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-95-0x00007FFD41A50000-0x00007FFD41A60000-memory.dmp

Filesize
64KB

Download
memory/2132-93-0x00007FFD41A50000-0x00007FFD41A60000-memory.dmp

Filesize
64KB

Download
memory/2132-94-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-87-0x00007FFD41A50000-0x00007FFD41A60000-memory.dmp

Filesize
64KB

Download
memory/2132-92-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/2132-89-0x00007FFD41A50000-0x00007FFD41A60000-memory.dmp

Filesize
64KB

Download
memory/2132-91-0x00007FFD819D0000-0x00007FFD81BC5000-memory.dmp

Filesize
2.0MB

Download
memory/3228-33-0x00007FFD636B0000-0x00007FFD64051000-memory.dmp

Filesize
9.6MB

Download
memory/3228-35-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-86-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-85-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-65-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-0-0x00007FFD636B0000-0x00007FFD64051000-memory.dmp

Filesize
9.6MB

Download
memory/3228-56-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-19-0x00007FFD636B0000-0x00007FFD64051000-memory.dmp

Filesize
9.6MB

Download
memory/3228-2-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-11-0x00000000014F0000-0x0000000001500000-memory.dmp

Filesize
64KB

Download
memory/3228-1-0x00007FFD636B0000-0x00007FFD64051000-memory.dmp

Filesize
9.6MB

Download
memory/3228-10-0x000000001CBB0000-0x000000001CBFC000-memory.dmp

Filesize
304KB

Download
memory/3228-9-0x000000001BA30000-0x000000001BA38000-memory.dmp

Filesize
32KB

Download
memory/3228-8-0x000000001C950000-0x000000001C9EC000-memory.dmp

Filesize
624KB

Download
memory/3228-7-0x000000001C3A0000-0x000000001C86E000-memory.dmp

Filesize
4.8MB

Download
memory/3228-6-0x000000001BE20000-0x000000001BEC6000-memory.dmp

Filesize
664KB

Download
memory/3228-3-0x000000001BB70000-0x000000001BBBA000-memory.dmp

Filesize
296KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads