f74099fab5d70827565acca02eaca5182bf5921a6980cf82c8d7841ce70a5c6e

Analysis

max time kernel
136s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Device/HarddiskVolume3/Users/dsmith2/AppData/Local/MCApp/app-3.6.12/resources/RTDAddonInstaller-win3.xll
Size

648KB
MD5

79af9d53e6915034bf59e59b2a3dcafb
SHA1

1c00d4d630f1ffd7811bae241787b190501e04c8
SHA256

d037cc6c2de89ffbbb00d3f11df565985cf71cbc96ca9c14acc812c1b0d3b2e2
SHA512

75e36604b23c244740958dcd0ecfdf06c04f4ed481d02a373f722fd7dc5c734742cee7372b57385832cb7c1876b8b7400da595d7ea536957471d2e22259542d6
SSDEEP

12288:BfBUkVbwLSI5/Q8OF8bzbBSresOi1uWD242S6+4lJam:jUrO2X13DWeS6Zu

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4900	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE
4900	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume3\Users\dsmith2\AppData\Local\MCApp\app-3.6.12\resources\RTDAddonInstaller-win3.xll"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4900-0-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-2-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-1-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-3-0x00007FF90C06D000-0x00007FF90C06E000-memory.dmp

Filesize
4KB

Download
memory/4900-4-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-5-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-9-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-8-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-7-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-10-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-11-0x00007FF8C9E60000-0x00007FF8C9E70000-memory.dmp

Filesize
64KB

Download
memory/4900-6-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-13-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-12-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-14-0x00007FF8C9E60000-0x00007FF8C9E70000-memory.dmp

Filesize
64KB

Download
memory/4900-29-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download
memory/4900-44-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-45-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-47-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-46-0x00007FF8CC050000-0x00007FF8CC060000-memory.dmp

Filesize
64KB

Download
memory/4900-48-0x00007FF90BFD0000-0x00007FF90C1C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads