Analysis
-
max time kernel
47s -
max time network
37s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
31-05-2024 02:20
Behavioral task
behavioral1
Sample
351d72eb4a62cbc3ef362a21f2533bb57fbcd4ea5d56e26624331a6b518edf28.xlsm
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
351d72eb4a62cbc3ef362a21f2533bb57fbcd4ea5d56e26624331a6b518edf28.xlsm
Resource
win10v2004-20240508-en
General
-
Target
351d72eb4a62cbc3ef362a21f2533bb57fbcd4ea5d56e26624331a6b518edf28.xlsm
-
Size
92KB
-
MD5
4a0ab678fa8c5364bd3fe7b2dc252e4c
-
SHA1
145b133b15c191498863f15d22b31e034e51bfb4
-
SHA256
351d72eb4a62cbc3ef362a21f2533bb57fbcd4ea5d56e26624331a6b518edf28
-
SHA512
78eb35c62af726efb9257795e36baf42d94a8659cd9613e2d152bac01ca4d724f53887d953d32835dedc0a14446e835a1c3c27eb330ed79fbe552be183b427ba
-
SSDEEP
1536:CguZCa6S5khUI44s+KvE4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYII7bFy:CgugapkhlLsrEaPjpM+d/Ms8ULavLcx
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description    ioc    Process
Key opened    \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0    EXCEL.EXE
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz    EXCEL.EXE
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString    EXCEL.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
description    ioc    Process
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU    EXCEL.EXE
Key opened    \REGISTRY\MACHINE\Hardware\Description\System\BIOS    EXCEL.EXE
Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily    EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid    Process
1156    EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid    Process
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
1156    EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\351d72eb4a62cbc3ef362a21f2533bb57fbcd4ea5d56e26624331a6b518edf28.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1156