Analysis
max time kernel: 49s
max time network: 55s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-06-2024 21:08
Behavioral task behavioral1
Sample: 83bd884794414b6cdbdb48b621e827a663e3595130abba1764c991a76cf75024.xlsm
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: 83bd884794414b6cdbdb48b621e827a663e3595130abba1764c991a76cf75024.xlsm
Resource: win10v2004-20240226-en
The signatures and process list below come from the win10v2004 run (behavioral2, platform windows10-2004_x64); results of the win7 run are not included on this page.
General
Target: 83bd884794414b6cdbdb48b621e827a663e3595130abba1764c991a76cf75024.xlsm
Size: 92KB
MD5: 702902e3620b3f664b421de858b4cd25
SHA1: 72d843076f6ce032596bf43edc799554ddd4bca7
SHA256: 83bd884794414b6cdbdb48b621e827a663e3595130abba1764c991a76cf75024
SHA512: 3e6207a2312e548bbba83dd11a6d357d68982e7cddf26a9ec44541f5946c112af32df83f061a31c7412a9eef870c337adc4ec06edd69b9bb48a4f5c88725e305
SSDEEP: 1536:CguZCa6S5khUIUUK/9IYxY5MM4znOSjhLzVubGa/M1NIpPkUlB7583fjncFYIIOI:CgugapkhlUgYxY5MMaPjpzVw/Ms8ULa5
Malware Config
No configuration was extracted from this sample.
Signatures
-
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description         ioc                                                                                Process
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz              EXCEL.EXE
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   EXCEL.EXE
Key opened          \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                   EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                                Process
Key opened          \REGISTRY\MACHINE\Hardware\Description\System\BIOS                                 EXCEL.EXE
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily                    EXCEL.EXE
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU                       EXCEL.EXE
Caveat: every query above is attributed to EXCEL.EXE itself, the host application, which reads CPU and BIOS keys during normal startup. Without a macro-specific signature, a spawned child process, or a network indicator (none of which appear in this report), these two signatures do not by themselves show that the document's macro ran.
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid    Process
1372   EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid    Process
1372   EXCEL.EXE   (12 hook installations, all from the same process)
Caveat: registering a clipboard format listener and installing window hooks are routine for an Office host process; both indicators are on EXCEL.EXE (PID 1372) rather than on any child or injected process.
Processes
- "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\83bd884794414b6cdbdb48b621e827a663e3595130abba1764c991a76cf75024.xlsm"
  PID: 1372 (top-level process)
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4268 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
  PID: 2480 (top-level process)
No child process of EXCEL.EXE is recorded. The msedge.exe entry is a Microsoft Edge utility process belonging to the sandbox image, listed at the same depth as EXCEL.EXE rather than under it.
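Because the dynamic run above shows only host-application behaviour (no child process, no network traffic, no macro signature), the natural next step is static triage: confirm the file matches the report's hashes and check whether the package even carries a VBA project. The script below is an added example, not part of the sandbox report or of any tooling the page describes. The real sample is not available here, so it builds a constructed, minimal macro-enabled package in memory (build_sample) and tests its own checks against that; the hash digests are copied from the General section, and the Content_Types strings and auto-exec procedure names are the standard OOXML and Excel values.

```python
"""Static triage for an OOXML (.xlsm) sample: hash verification plus a check
for an embedded VBA project. Added example, not code from the sandbox report.
"""
import hashlib
import io
import zipfile

# Digests copied from the report's "General" section.
REPORT_HASHES = {
    "md5": "702902e3620b3f664b421de858b4cd25",
    "sha1": "72d843076f6ce032596bf43edc799554ddd4bca7",
    "sha256": "83bd884794414b6cdbdb48b621e827a663e3595130abba1764c991a76cf75024",
    "sha512": "3e6207a2312e548bbba83dd11a6d357d68982e7cddf26a9ec44541f5946c112a"
              "f32df83f061a31c7412a9eef870c337adc4ec06edd69b9bb48a4f5c88725e305",
}

VBA_PART = "xl/vbaProject.bin"
MACRO_ENABLED_CT = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
VBA_CT = "application/vnd.ms-office.vbaProject"
# Procedure names Excel runs automatically on open/close.
AUTO_EXEC = (b"Auto_Open", b"Workbook_Open", b"Auto_Close", b"Workbook_BeforeClose")


def compute_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256/SHA-512 of the file bytes, keyed like REPORT_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match result, so a single mismatch is visible on its own."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def inspect_xlsm(data: bytes) -> dict:
    """Answer what the dynamic run left open: is there a VBA project at all,
    is the package declared macro-enabled, and does the raw VBA stream
    mention an auto-exec procedure name?"""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        content_types = (zf.read("[Content_Types].xml").decode("utf-8", "replace")
                         if "[Content_Types].xml" in names else "")
        vba = zf.read(VBA_PART) if VBA_PART in names else b""
    # Module source inside vbaProject.bin is MS-OVBA compressed; literal runs
    # are often still readable, so a raw byte scan is only a cheap first pass.
    # A miss here does NOT prove the absence of auto-exec code; use a proper
    # OVBA decompressor for a definitive answer.
    hits = [name.decode() for name in AUTO_EXEC if name in vba]
    return {
        "has_vba_project": bool(vba),
        "declares_macro_enabled": MACRO_ENABLED_CT in content_types,
        "declares_vba_content_type": VBA_CT in content_types,
        "auto_exec_names_seen": hits,
        "parts": names,
    }


def build_sample(with_vba: bool) -> bytes:
    """Constructed stand-in for the real sample, which is not available here."""
    vba_override = f'<Override PartName="/{VBA_PART}" ContentType="{VBA_CT}"/>' if with_vba else ""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{MACRO_ENABLED_CT}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            # Fake stream: a real one is an OLE compound file. Only the
            # uncompressed literal "Auto_Open" matters for this demonstration.
            zf.writestr(VBA_PART, b"\xd0\xcf\x11\xe0" + b"\x00" * 16 + b"Sub Auto_Open()" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(with_vba=True)
    # All False here: these are constructed bytes, not the reported file.
    print(verify_hashes(sample, REPORT_HASHES))
    print(inspect_xlsm(sample))
```

Run it against the real file by replacing build_sample(...) with open(path, "rb").read(); if verify_hashes comes back all True but inspect_xlsm reports no vbaProject.bin, the sandbox's silence is explained by the absence of any macro rather than by evasion.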