4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 19:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
Size

6.2MB
MD5

ce5486773384f7ea486a7e7da4a0e3d5
SHA1

2d582095f4b42cd2fef9140752042918dc165a75
SHA256

4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f
SHA512

239ce1091de2c13ceccfdd91707bf1c0dbcd5fb862d65722576626ebd912b5f7c08667afff809ea56aefe452414a46fcb9e9795d41154e0a1fc24f534295431a
SSDEEP

98304:GCsTnXdSYVXhx8h3ciOFRUuP+6tH8Nb2PTeNfD7eQsGsNyDe+u7ibb6mJoE7:GCsTXzOstJtHEBN7SQjPyiIE7

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4636	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Add-ins\quick notes assistant main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH002c.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH002e.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\xrbk4-64.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH000f.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\loan workbook.xlt	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0025.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Add-In Mgr 2007-2013.xlam	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Bubble_chart_creator_main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Data Assistant help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\loanasst main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\colored cells assistant.xla	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH002b.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\z45tk1.xla	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Mortgage Payments.xlt	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0017.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\add-ins uninstall.exe	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0004.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Cluster Stacked Column Chart Creator main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Formula Checking Assistant.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH000a.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Gold Assistant main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Pivot Table Assistant help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Report Runner.chm	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH002d.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0001.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0002.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0009.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\z45tk1 - 64.xla	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Loan tracker.xlt	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\runner_main_64.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Time_Saving_Suggestions.pdf	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0027.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0010.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0013.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0016.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH001b.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH001d.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Quick Notes Assistant help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\quikchts main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0022.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Bubble Chart Creator help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Colored Cells Assistant Help and Exercise File.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0012.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\waterfall chart creator main 2010.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Mekko Chart Creator help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH001c.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0021.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Report Runner exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Time_Saving_Suggestions.chm	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0029.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Business Analysis Collection 2007-2013.xlam	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0008.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH000b.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0020.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Gold Assistant help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0023.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Mekko_Chart_Creator_main.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH001e.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\Waterfall Chart Creator help and exercise file.xls	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\open_file.exe	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH000c.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File opened for modification	C:\Program Files (x86)\Add-ins\xrbk4.cde	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
File created	C:\Program Files (x86)\Add-ins\~GLH0018.TMP	4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe

C:\Users\Admin\AppData\Local\Temp\4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe
"C:\Users\Admin\AppData\Local\Temp\4581f224160a8a418f45c0a75ad666141a32f4e489b7c9c1a44c25a63492fd8f.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GLC33A3.tmp

Filesize
161KB

MD5
09e59d00df5d2effd8dd9b30385cb9d2

SHA1
0fa0d3f6692f31fdabefb719b0f7a28cbf5d5415

SHA256
1c574eab5e83ccfe5a0bb7b59e028cc5fa2f4e77868051e305d83c709711ff77

SHA512
d73e3832777341a4176dbd9988002ec94a32f162492e869a8c03d9bb10f1833821f99e15710e9fc103a2820c862cf14a0b990d7c7c09150bb14618a7c93ca5fd

Download Submit