Analysis

  • max time kernel
    69s
  • max time network
    70s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 15:13

General

  • Target

    binary.xlsx

  • Size

    26KB

  • MD5

    034a3c738db3c3c3f5e820fd6a94a122

  • SHA1

    adbf9c038471587a644dfccb50921cbf2431cb1d

  • SHA256

    3b2755a366aa6b9440d6edb1796fe19556615f8beb06ab639efeb667dd83e273

  • SHA512

    bf8f2398d709debba10159a7a529e8b4b5cf13aa6c913ee74229cbab7b20a8f69a0fe0868c4c786e0a4905d81cd707d1659f93966e1f0c715f3d6ecc17026efa

  • SSDEEP

    768:xMAY6NmXMXbG9CTnBRoemzT556GVKk3Sy:xMNO5CX9lH

Score
1/10
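The target is a 26KB file carrying an .xlsx extension, and the dynamic run above scored it 1/10 because Excel simply opened it. A low sandbox score does not by itself clear a spreadsheet lure: a plain .xlsx is a ZIP container whose safe form carries no VBA project, no XLM macro sheet, no DDE/OLE links and no external relationships, and each of those can be checked statically in seconds. The routine below is an added example, not part of the sandbox report and not the sandbox's own logic. The two workbooks it builds in memory are constructed test data, not the analysed binary.xlsx, and the lists of risky members and elements are the editor's selection, not an exhaustive one.

```python
"""Static triage of an OOXML spreadsheet: flag the parts a plain .xlsx should never carry."""
import hashlib
import io
import re
import zipfile

# Zip members whose presence deserves a closer look (editor's selection, not exhaustive).
RISKY_MEMBERS = {
    "xl/vbaProject.bin": "VBA project present (a plain .xlsx must not carry macros)",
    "xl/macrosheets/": "Excel 4.0 (XLM) macro sheet",
    "xl/externalLinks/": "external workbook link",
    "xl/embeddings/": "embedded OLE object or package",
    "xl/activeX/": "ActiveX control",
}

# XML constructs inside any part that point at code execution or network fetches.
RISKY_XML = [
    (re.compile(rb"<ddeLink\b[^>]*>", re.I), "DDE link element"),
    (re.compile(rb"<oleLink\b[^>]*>", re.I), "OLE link element"),
    (re.compile(rb"<f\b[^>]*>[^<]*\b(EXEC|CALL|REGISTER|FORMULA\.FILL)\s*\(", re.I),
     "XLM-style EXEC/CALL/REGISTER formula"),
    (re.compile(rb"<f\b[^>]*>[^<]*\b(WEBSERVICE|FILTERXML)\s*\(", re.I),
     "network-capable worksheet function"),
]
EXTERNAL_REL = re.compile(rb'<Relationship\b[^>]*TargetMode="External"[^>]*>', re.I)
TARGET_ATTR = re.compile(rb'Target="([^"]*)"')
AUTO_OPEN = re.compile(rb'<definedName\b[^>]*name="_xlnm\.Auto_Open"', re.I)


def triage_xlsx(data: bytes) -> dict:
    """Return the SHA-256 (to correlate with a sandbox report) and a list of findings."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "members": 0, "findings": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # An .xlsx that is not a ZIP is mislabelled (legacy BIFF, HTML, or something else).
        report["findings"].append("not a ZIP container: not a genuine OOXML workbook")
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        report["members"] = len(names)
        if "[Content_Types].xml" not in names:
            report["findings"].append("missing [Content_Types].xml: malformed OOXML package")
        for name in names:
            for prefix, why in RISKY_MEMBERS.items():
                if name.startswith(prefix):
                    report["findings"].append(f"{name}: {why}")
            if not name.lower().endswith((".xml", ".rels")):
                continue
            body = zf.read(name)
            if name.endswith(".rels"):
                # Relationships with TargetMode="External" leave the package (UNC, HTTP, DDE server).
                for rel in EXTERNAL_REL.findall(body):
                    m = TARGET_ATTR.search(rel)
                    target = m.group(1).decode("utf-8", "replace") if m else "?"
                    report["findings"].append(f"{name}: external relationship -> {target}")
            if name == "xl/workbook.xml" and AUTO_OPEN.search(body):
                report["findings"].append(f"{name}: _xlnm.Auto_Open defined name (XLM auto-run)")
            for pattern, why in RISKY_XML:
                if pattern.search(body):
                    report["findings"].append(f"{name}: {why}")
    return report


def build_sample(malicious: bool) -> bytes:
    """Construct a minimal workbook in memory (constructed test data, not the analysed file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("xl/workbook.xml",
                    '<workbook><sheets><sheet name="Sheet1" sheetId="1" r:id="rId1"/></sheets></workbook>')
        zf.writestr("xl/worksheets/sheet1.xml",
                    '<worksheet><sheetData><row r="1"><c r="A1"><v>1</v></c></row></sheetData></worksheet>')
        if malicious:
            # Shape Excel uses for a DDE link: an externalLink part plus an external relationship.
            zf.writestr("xl/externalLinks/externalLink1.xml",
                        '<externalLink><ddeLink ddeService="cmd" ddeTopic="/c calc.exe"><ddeItems/></ddeLink></externalLink>')
            zf.writestr("xl/externalLinks/_rels/externalLink1.xml.rels",
                        '<Relationships><Relationship Id="rId1" '
                        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
                        'Target="cmd" TargetMode="External"/></Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("dde", build_sample(True))):
        result = triage_xlsx(blob)
        print(label, result["sha256"][:16], result["members"], "members")
        for finding in result["findings"]:
            print("  ", finding)
```

Run it against the real sample with `triage_xlsx(open("binary.xlsx", "rb").read())` and compare the returned SHA-256 with the value in the General section before reading the findings; an empty findings list plus a clean dynamic run is a much stronger statement than either alone.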

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious behavior: LoadsDriver (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of SetWindowsHookEx (19 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
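The first signature explains why processor information gets read, but the process tree below shows how noisy that signal is on its own: the same signature fires on EXCEL.EXE (the process that opened binary.xlsx), and "Enumerates system info in registry" fires on chrome.exe, which the sample did not spawn. The following is an added example, not part of the report and not the sandbox's own signature logic. It scores registry reads from an API trace per process and flags a process only when it touches several fingerprint categories or a hypervisor-specific key. The trace line format, the key list and the `payload.exe` process (PID 4242) are constructed for illustration; PIDs 1816 and 1800 are taken from the report.

```python
"""Score per-process registry reads against VM/sandbox fingerprint locations."""
import re
from collections import defaultdict

# Registry locations commonly queried to fingerprint a VM or sandbox, grouped by what they reveal.
# Editor's selection for illustration, not a complete list.
FINGERPRINT_KEYS = {
    "cpu": [r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor"],
    "firmware": [r"HKLM\HARDWARE\DESCRIPTION\System\BIOS",
                 r"HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation"],
    "storage": [r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"],
    "hypervisor": [r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
                   r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
                   r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"],
}
READ_OPS = {"RegQueryValueEx", "RegEnumValue", "RegOpenKeyEx"}

# key=value tokens; values containing spaces are double-quoted (constructed trace format).
TOKEN = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed API-trace lines: EXCEL.EXE and chrome.exe reads mirror the signatures in the report;
# payload.exe (PID 4242) is a hypothetical process that probes several categories at once.
SAMPLE_TRACE = [
    r"pid=1816 image=EXCEL.EXE op=RegQueryValueEx key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=ProcessorNameString",
    r"pid=1816 image=EXCEL.EXE op=RegQueryValueEx key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=~MHz",
    r"pid=1816 image=EXCEL.EXE op=RegQueryValueEx key=HKCU\Software\Microsoft\Office\16.0\Excel\Options value=Options",
    r"pid=1800 image=chrome.exe op=RegQueryValueEx key=HKLM\SYSTEM\CurrentControlSet\Control\SystemInformation value=SystemManufacturer",
    r"pid=4242 image=payload.exe op=RegQueryValueEx key=HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 value=ProcessorNameString",
    r"pid=4242 image=payload.exe op=RegQueryValueEx key=HKLM\HARDWARE\DESCRIPTION\System\BIOS value=SystemProductName",
    r"pid=4242 image=payload.exe op=RegEnumValue key=HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum value=0",
    r"pid=4242 image=payload.exe op=RegOpenKeyEx key=HKLM\HARDWARE\ACPI\DSDT\VBOX__",
]


def parse_event(line: str) -> dict:
    """Split one trace line into a field dictionary."""
    fields = {}
    for m in TOKEN.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def classify_key(key: str):
    """Map a registry path to a fingerprint category, or None if it is not one we track."""
    k = key.lower()
    for category, prefixes in FINGERPRINT_KEYS.items():
        if any(k.startswith(p.lower()) for p in prefixes):
            return category
    return None


def summarize(lines) -> dict:
    """Per PID: image name, number of fingerprint reads, and the set of categories touched."""
    per_pid = defaultdict(lambda: {"image": None, "reads": 0, "categories": set()})
    for line in lines:
        ev = parse_event(line)
        if ev.get("op") not in READ_OPS:
            continue
        cat = classify_key(ev.get("key", ""))
        if cat is None:
            continue
        entry = per_pid[int(ev["pid"])]
        entry["image"] = ev.get("image")
        entry["reads"] += 1
        entry["categories"].add(cat)
    return dict(per_pid)


def flagged(summary: dict, min_categories: int = 2) -> list:
    """PIDs worth escalating: breadth across categories, or any hypervisor-specific key.
    A lone CentralProcessor read is routine for Office and browsers and is not flagged."""
    return sorted(pid for pid, e in summary.items()
                  if "hypervisor" in e["categories"] or len(e["categories"]) >= min_categories)


if __name__ == "__main__":
    summary = summarize(SAMPLE_TRACE)
    for pid, e in sorted(summary.items()):
        print(pid, e["image"], e["reads"], "reads", sorted(e["categories"]))
    print("flagged:", flagged(summary))
```

With the default threshold only PID 4242 is flagged; lowering `min_categories` to 1 reproduces the sandbox's behaviour and flags EXCEL.EXE and chrome.exe as well, which is the noise a triage analyst has to read past in the Signatures list.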

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\binary.xlsx"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1816
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee058ab58,0x7ffee058ab68,0x7ffee058ab78
      2⤵
      PID:4112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:2
      2⤵
      PID:1980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:2124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:4680
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1
      2⤵
      PID:2756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1
      2⤵
      PID:3916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1
      2⤵
      PID:4524
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:2948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:1340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:2344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:8
      2⤵
      PID:2692
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4672 --field-trial-handle=1692,i,3920530651014030216,9525226308987190774,131072 /prefetch:1
      2⤵
      PID:1844
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\688b255d-dd2d-41ca-9409-e8e759d4c180.tmp
    Filesize: 257KB
    MD5: 3f91bc56f18694fb028c43d6bfbb488b
    SHA1: 60a6a9549aa3946ef1fc67efb836e0458f9d555a
    SHA256: fbb2d585d224607f5019b2638421087cacadf384b2c58505258f442c564b245c
    SHA512: fc25441c5afeadc42a2fdabcfa49d7a72775c2f1b059cc05274c111156e413bc6d0aedc9e1cd92bbb1ee8006232e0ec719af5fb90034d407fa2cee68c4ce0d6d

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 98eed1713b7661625bd4660b3c61e6e5
    SHA1: 87db92e52e36d563416c514994fcd4b960595322
    SHA256: ed4786130888b0aa26e3c9b1f00f4d329126213ca459296c630b1ffaacc81f25
    SHA512: b75d0847c7b5d64c636b4d318b29398aef910ce044d426ada79e04d11fa3ce02cc95fb2ed8a906a9b4ae45f2b03020c55825746b2117d2342ae2ead16ade440e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: ea6b9b242e7d79f74cfb4816e07b954c
    SHA1: b5c0239a1304404b9ab428698e69caad85f2de0a
    SHA256: 015b8fcad5f920eed7a50f51575771b17b0e59eefc64e5f4774d966bf998c6de
    SHA512: b3cfae2120df2e8b03eb1f1f64b76cc6fb1f896cf9b396e23e675e1694fe6ee2db4546f5f11d409b0b1309e088ac6e7f29d5949e1cdb121b276815556963ecd6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 257KB
    MD5: 12d95a99970d3621710eca91a704f7dc
    SHA1: 94b0f792e33fde1be78fe4cdf2341b92deb818d7
    SHA256: 3c565f5e62edd8eb4143a9190cb32c4b5695d2c9a143f22170e86a4f58c5c753
    SHA512: 2f802b27e1f6069ad26e89ab040f74bdb88fd7d3980edfe015fabe6dae99e0b6585093555ad954644baa70680b2ad07fef26d44ad5eed3ad7ba01c0f6f85674c

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 90KB
    MD5: a4608ec5e1b09ffcbb5e98256f36fc1c
    SHA1: f4a5b0145dd683ff1355a35b59a86ab3280fb31d
    SHA256: 486a2052a92257cb25869a3b75cdec771becd1248aed6ff80f2e194f9437a3ee
    SHA512: 9126867483c24f82a78109d3e1e40c5007082a99c41991652b3bd17204a0733a0c4fd33902fb6f468c97879a665d1ee01693c5a07dde500ce7862d557c119390

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5821db.TMP
    Filesize: 87KB
    MD5: b4053e3f6c71b54a9f0162d3bc7d1b33
    SHA1: b8acb38059db3e4dca5c988b11b8f070f1013441
    SHA256: 9be2750e9882658a68cd2c8cb89ea3292b353c47256352b43bdefcb421a8248c
    SHA512: c257bed4b8458b25f985c815f9c8678187512f5e1b61224a3ccf138af9f3dc0fda2d03dd0d9096b5711808da6280614a7802c79fe57e71a60f72fc77c8798ce4

  • memory/1816-7-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-19-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-10-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-11-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-12-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-13-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-14-0x00007FFEC5C10000-0x00007FFEC5C20000-memory.dmp (Filesize: 64KB)
  • memory/1816-15-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-18-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-17-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-20-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-22-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-21-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-9-0x00007FFEC5C10000-0x00007FFEC5C20000-memory.dmp (Filesize: 64KB)
  • memory/1816-16-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-1-0x00007FFF0806D000-0x00007FFF0806E000-memory.dmp (Filesize: 4KB)
  • memory/1816-8-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-0-0x00007FFEC8050000-0x00007FFEC8060000-memory.dmp (Filesize: 64KB)
  • memory/1816-62-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-63-0x00007FFF0806D000-0x00007FFF0806E000-memory.dmp (Filesize: 4KB)
  • memory/1816-64-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-65-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-2-0x00007FFEC8050000-0x00007FFEC8060000-memory.dmp (Filesize: 64KB)
  • memory/1816-6-0x00007FFF07FD0000-0x00007FFF081C5000-memory.dmp (Filesize: 2.0MB)
  • memory/1816-5-0x00007FFEC8050000-0x00007FFEC8060000-memory.dmp (Filesize: 64KB)
  • memory/1816-3-0x00007FFEC8050000-0x00007FFEC8060000-memory.dmp (Filesize: 64KB)
  • memory/1816-4-0x00007FFEC8050000-0x00007FFEC8060000-memory.dmp (Filesize: 64KB)