Analysis
max time kernel: 49s
max time network: 39s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31-05-2024 02:10
Behavioral task: behavioral1
Sample: 584bbbe8b1663af36c0a1f71a9526190d0612370af0a4cccc4290a991888fc48.xlsm
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 584bbbe8b1663af36c0a1f71a9526190d0612370af0a4cccc4290a991888fc48.xlsm
Resource: win10v2004-20240226-en
General
Target: 584bbbe8b1663af36c0a1f71a9526190d0612370af0a4cccc4290a991888fc48.xlsm
Size: 92KB
MD5: 3c9dc696a47750591bde3216c0f4aa68
SHA1: 3340b619dd80f9debb2ab5d0b0e6fbcc98a4d2df
SHA256: 584bbbe8b1663af36c0a1f71a9526190d0612370af0a4cccc4290a991888fc48
SHA512: 6c1e087755ae3aa3da4141880084ec262c3da02d0598d1dcebeabd0a0778d58690ba518616e0fe74cde4a6f48c6d93a62c009ac8bd4028295ed102812c2b5919
SSDEEP: 1536:CguZCa6S5khUIu6Gv2ZZMeb69w94znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIID:CgugapkhluBv2YebLaPjpM+d/Ms8ULaH
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
372 | EXCEL.EXE

Suspicious use of FindShellTrayWindow (2 IoCs)
pid | Process
372 | EXCEL.EXE (2 occurrences)

Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
372 | EXCEL.EXE (12 occurrences)
Processes

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\584bbbe8b1663af36c0a1f71a9526190d0612370af0a4cccc4290a991888fc48.xlsm"
PID: 372
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3720 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
PID: 3732