Analysis
max time kernel: 49s
max time network: 39s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 21:14
Behavioral task: behavioral1
  Sample: 4f5705da985343fe7cd8e491927e2f6879c0dff6de263b389fe57dceef21d521.xlsm
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 4f5705da985343fe7cd8e491927e2f6879c0dff6de263b389fe57dceef21d521.xlsm
  Resource: win10v2004-20240226-en
General
Target: 4f5705da985343fe7cd8e491927e2f6879c0dff6de263b389fe57dceef21d521.xlsm
Size: 92KB
MD5: 88ec37b050212dc006f266e0c634491b
SHA1: c46a4f99b34d748ab3a9ab1d2d51970c55889d8c
SHA256: 4f5705da985343fe7cd8e491927e2f6879c0dff6de263b389fe57dceef21d521
SHA512: 166ad1b2993b839656f67351a35ace4655190b0025af81eae838516e593eb12669cfbb93ec9efa2367d9f0614d5afb5216198e34be0520c7474887badab19d32
SSDEEP: 1536:CguZCa6S5khUIp+aOM34znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIhFy:Cgugapkhlp+aOM3aPjpM+d/Ms8ULavLS
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
  Key opened:        \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (EXCEL.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (EXCEL.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (EXCEL.EXE)

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened:        \REGISTRY\MACHINE\Hardware\Description\System\BIOS (EXCEL.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (EXCEL.EXE)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (EXCEL.EXE)

Suspicious behavior: AddClipboardFormatListener (1 IoC)
  PID 4156 EXCEL.EXE

Suspicious use of FindShellTrayWindow (2 IoCs)
  PID 4156 EXCEL.EXE (2 identical entries)

Suspicious use of SetWindowsHookEx (12 IoCs)
  PID 4156 EXCEL.EXE (12 identical entries)
Processes
EXCEL.EXE (PID 4156)
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4f5705da985343fe7cd8e491927e2f6879c0dff6de263b389fe57dceef21d521.xlsm"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx

msedge.exe (PID 2864)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4756 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8