Analysis
max time kernel
33s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
31-05-2024 02:04
Behavioral task
behavioral1
Sample
cb8970f53ed68586b960e9f49b1a673a4130efde7af49d9bad8b218445ef957d.xlsm
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
cb8970f53ed68586b960e9f49b1a673a4130efde7af49d9bad8b218445ef957d.xlsm
Resource
win10v2004-20240426-en
General
Target
cb8970f53ed68586b960e9f49b1a673a4130efde7af49d9bad8b218445ef957d.xlsm
Size
92KB
MD5
7e96d6a0d797d56b015cb2f3a7a349e5
SHA1
d06f832c9c8b45cd7a36a7d8de971914c6b697f5
SHA256
cb8970f53ed68586b960e9f49b1a673a4130efde7af49d9bad8b218445ef957d
SHA512
1fab067190ade831c849be5d9c2ae342f36d0f43fe8c36464530033db871cacbff98d7a8df80217f011f6a89f6dff32c3d50dfb389de3526fc8f215b3d0b852f
SSDEEP
1536:CguZCa6S5khUIahY5fYVSjakcKGGa/M1NIpPkUlB7583fjncFYIIQFp:CgugapkhlarkcD/Ms8ULavLcv
Malware Config
Signatures
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description        ioc                                                                                    Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                       EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                  EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   EXCEL.EXE
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                 Process
Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                  EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily     EXCEL.EXE
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU        EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid   Process
3612  EXCEL.EXE
Suspicious use of FindShellTrayWindow 2 IoCs
pid   Process
3612  EXCEL.EXE
3612  EXCEL.EXE
Suspicious use of SetWindowsHookEx 12 IoCs
pid   Process
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
3612  EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\cb8970f53ed68586b960e9f49b1a673a4130efde7af49d9bad8b218445ef957d.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3612