Analysis
max time kernel: 46s
max time network: 33s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-05-2024 01:48
Behavioral task: behavioral1
Sample: 1b6494da5bfc384f97c24991915384c39fa2a968a3bc32abab223f8265dbe939.xlsm
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1b6494da5bfc384f97c24991915384c39fa2a968a3bc32abab223f8265dbe939.xlsm
Resource: win10v2004-20240426-en
General
Target: 1b6494da5bfc384f97c24991915384c39fa2a968a3bc32abab223f8265dbe939.xlsm
Size: 91KB
MD5: 8b9d547965a3416570cf8dba4afd1659
SHA1: 263744a066c26a330a1eae997cc114b5b66dd7ca
SHA256: 1b6494da5bfc384f97c24991915384c39fa2a968a3bc32abab223f8265dbe939
SHA512: b57c015da4c64705376ebf0a990ad5e638b2c8da697f3d4cbf2904243dfd9c7c071b2e4068bd0219e585dc29007a13bc5ff21520e52077f2c6b3b2841a2c52b0
SSDEEP: 1536:CguZCa6S5khUIiz26N0nO2U4znOSjhL97kGa/M1NIpPkUlB7583fjncFYIIyeF2:Cgugapkhl0RkwaPjpE/Ms8ULavLc1
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
1908 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
1908 | EXCEL.EXE (12 identical entries)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\1b6494da5bfc384f97c24991915384c39fa2a968a3bc32abab223f8265dbe939.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 1908