Analysis
- max time kernel: 46s
- max time network: 36s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-05-2024 01:53
Behavioral task: behavioral1
- Sample: fd58a49be293c7db96290354b0b2f38dd29f75c2a9d703c3bf2df5fe5e729578.xlsm
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fd58a49be293c7db96290354b0b2f38dd29f75c2a9d703c3bf2df5fe5e729578.xlsm
- Resource: win10v2004-20240426-en
General
- Target: fd58a49be293c7db96290354b0b2f38dd29f75c2a9d703c3bf2df5fe5e729578.xlsm
- Size: 92KB
- MD5: a75d0194b2fe992607b0f3d06c2d5f42
- SHA1: 9e5da608dedcf1365809b0f6bcb5578e4d0c2bc6
- SHA256: fd58a49be293c7db96290354b0b2f38dd29f75c2a9d703c3bf2df5fe5e729578
- SHA512: 58926c0ab7ad27753ecb186dd655105a004a9caec7063ed9ed61f7abe2a4935d8923b28744615dd88f075b017ae3a144dda322f4f64bcd067f48127797689850
- SSDEEP: 1536:CguZCa6S5khUIdrtAM54znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIvBF8:Cgugapkhlb95aPjpM+d/Ms8ULavLcOs
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (Process: EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (Process: EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: EXCEL.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (Process: EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (Process: EXCEL.EXE)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (Process: EXCEL.EXE)
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  - pid 3648, Process EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  - pid 3648, Process EXCEL.EXE (same entry for all 12 IoCs)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\fd58a49be293c7db96290354b0b2f38dd29f75c2a9d703c3bf2df5fe5e729578.xlsm"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID: 3648