c2d1d634206661c0070bf945f69344d35d82154d689593a853bbb228ed24253a

Analysis

max time kernel
100s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 08:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Templates/SaleO.xls
Size

19KB
MD5

fe7411c2153dd5a1d46ad8e9c085c7f0
SHA1

7e1a6706d9d208ff92194aa5a6ee43037ae166cd
SHA256

3b4f3b28832566aa43872a7b84aa094860ee2c6cb0fd382bfdae91cf8efda3ef
SHA512

d33bbde2d0d1ee0781cff96f0f118c779dcfe5f30d4625f64351e62e3935ae6b6c9ea9f7c284443c6da0c99a216518fab54775ca33491dc3912e06ab7bcb040a
SSDEEP

384:OPZcPCnUGpLq2HbR2xU2DQ7FLTWFuSeAm6PVTcpUdw1:kZcPCnLpLq2HbR2pcSdw1

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2368	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2368	EXCEL.EXE
2368	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Templates\SaleO.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
58657a5727ad909766ac5e7ae0b26287

SHA1
60c4ca53fd241329e6de39576d3c8f6f60639ffd

SHA256
b5e87382a6c4bb3e9ec2527411525d6d63bc1926066bd46af191ef711fb6b745

SHA512
e6a6ce4b41ba8d9174b6e165d05b16a8af827a53401ae6781dfc47a3bb70d10c73d9304f6b46e1fb7c4b6429266da57ed1fc948fbf0ca425481feff418dd069c

Download Submit
memory/2368-14-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-18-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-3-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-4-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-6-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-5-0x00007FFC24E2D000-0x00007FFC24E2E000-memory.dmp

Filesize
4KB

Download
memory/2368-7-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-9-0x00007FFBE27D0000-0x00007FFBE27E0000-memory.dmp

Filesize
64KB

Download
memory/2368-8-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-10-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-11-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-12-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-13-0x00007FFBE27D0000-0x00007FFBE27E0000-memory.dmp

Filesize
64KB

Download
memory/2368-0-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-1-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-21-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-17-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-19-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-22-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-20-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-16-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-15-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-2-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-33-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download
memory/2368-47-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-48-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-50-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-49-0x00007FFBE4E10000-0x00007FFBE4E20000-memory.dmp

Filesize
64KB

Download
memory/2368-51-0x00007FFC24D90000-0x00007FFC24F85000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads