1984e9d8c376c43e35244c29706c899cb078c40f1ff1fe8c84f88c662b94e5ab

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1984e9d8c376c43e35244c29706c899cb078c40f1ff1fe8c84f88c662b94e5ab.xlsm
Size

21KB
MD5

d25705c70bd28dd682dcd86cf6bb490d
SHA1

e2998d898d3f26d268e3ef7979cd7ef90779df51
SHA256

1984e9d8c376c43e35244c29706c899cb078c40f1ff1fe8c84f88c662b94e5ab
SHA512

58db01d0305a80e1128fcc7962a2ba92f244a92555e3e9a014fa733091c4713ca34bcc3d050fab9e8af1b7efc9d8ee28761e1618f0cbab1d6366e87834639b7b
SSDEEP

384:4MbO0hGjCvsZXiIxj0iSuMKIKIVUMa3WZHmwkQn5VEtHZmTVpXgPeqg4+avx:HOjjusZyajDSJKNAkQ4t0ZpXMg4dJ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4248	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4248	EXCEL.EXE
4248	EXCEL.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE
4248	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\1984e9d8c376c43e35244c29706c899cb078c40f1ff1fe8c84f88c662b94e5ab.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\J2XZNF6NOLGI.xlsx

Filesize
7KB

MD5
f9888c68198896d1dd075dab2b0735db

SHA1
116cae5587694b87f3e902e37841f5a89572aa8c

SHA256
93ad560dd2abf1e5a308cc70f6ce4bd0cf7d01d832242d154dcf1b1e136e7164

SHA512
714440529d72467d5b295ac233c86c482a5d9036488d0260c565e078959f4fe432929e87a9a74bf3f4f54b00586fb41c6b0b360f71fb593850ff0edc81985892

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
252B

MD5
59e9176f4b69cee4c874049b813cbd64

SHA1
52c8a525e86584a4e0e94fad5f64727d424a2543

SHA256
d8474e739ee2dc4b9331850a2255ad43cd21d095698651728e38ea6cde2544df

SHA512
11d13cfe69c4a80aea31665c20d4aec55fcad9fd66626456cb25f9c0bb06878a9f5701f905da4c92cfc2c11c93fcc5b81534843f4a8d86dfcbf6eb5506dfc4e3

Download Submit
memory/4248-20-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-23-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-1-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-5-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-6-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-7-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-8-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-9-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-11-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-10-0x00007FFE8F390000-0x00007FFE8F3A0000-memory.dmp

Filesize
64KB

Download
memory/4248-12-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-13-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-14-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-15-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-16-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-17-0x00007FFE8F390000-0x00007FFE8F3A0000-memory.dmp

Filesize
64KB

Download
memory/4248-18-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-19-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-0-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-21-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-3-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-28-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-22-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-41-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-42-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-70-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-4-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-2-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-72-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-73-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-77-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-78-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-79-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-80-0x0000020A804F0000-0x0000020A80CF0000-memory.dmp

Filesize
8.0MB

Download
memory/4248-92-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-93-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-96-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-95-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-94-0x00007FFE91AF0000-0x00007FFE91B00000-memory.dmp

Filesize
64KB

Download
memory/4248-97-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download
memory/4248-98-0x00007FFED1A70000-0x00007FFED1C65000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads