Overview
Task | Platform | Score
Overview | overview | 10
Static | static | 3
Program/De...FS.dll | windows10-2004-x64 | 1
Program/De...FS.dll | windows11-21h2-x64 | 1
Program/De...se.dll | windows10-2004-x64 | 1
Program/De...se.dll | windows11-21h2-x64 | 1
Program/De...on.dll | windows10-2004-x64 | 1
Program/De...on.dll | windows11-21h2-x64 | 1
Program/De...le.dll | windows10-2004-x64 | 1
Program/De...le.dll | windows11-21h2-x64 | 1
Program/Er...1].exe | windows10-2004-x64 | 1
Program/Er...1].exe | windows11-21h2-x64 | 1
Program/Li...et.dll | windows10-2004-x64 | 1
Program/Li...et.dll | windows11-21h2-x64 | 1
Program/Li...ng.dll | windows10-2004-x64 | 1
Program/Li...ng.dll | windows11-21h2-x64 | 1
Program/Li...GL.dll | windows10-2004-x64 | 3
Program/Li...GL.dll | windows11-21h2-x64 | 3
Program/Li...-1.dll | windows10-2004-x64 | 3
Program/Li...-1.dll | windows11-21h2-x64 | 3
Program/Setup.exe | windows10-2004-x64 | 10
Program/Setup.exe | windows11-21h2-x64 | 6
Program/caret.xls | windows10-2004-x64 | 1
Program/caret.xls | windows11-21h2-x64 | 1
Program/ms...lf.dll | windows10-2004-x64 | 1
Program/ms...lf.dll | windows11-21h2-x64 | 1
Program/test.asp | windows10-2004-x64 | 3
Program/test.asp | windows11-21h2-x64 | 3
Analysis
max time kernel: 135s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05-07-2024 20:09
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | Program/Debugs/AlphaFS.dll | win10v2004-20240704-en
behavioral2 | Program/Debugs/AlphaFS.dll | win11-20240704-en
behavioral3 | Program/Debugs/License.dll | win10v2004-20240704-en
behavioral4 | Program/Debugs/License.dll | win11-20240704-en
behavioral5 | Program/Debugs/Newtonsoft.Json.dll | win10v2004-20240704-en
behavioral6 | Program/Debugs/Newtonsoft.Json.dll | win11-20240704-en
behavioral7 | Program/Debugs/VersionStable.dll | win10v2004-20240704-en
behavioral8 | Program/Debugs/VersionStable.dll | win11-20240704-en
behavioral9 | Program/ErrorLog/DirectoryMonitor_[1MB]_[1].exe | win10v2004-20240704-en
behavioral10 | Program/ErrorLog/DirectoryMonitor_[1MB]_[1].exe | win11-20240704-en
behavioral11 | Program/Libs/Extreme.Net.dll | win10v2004-20240704-en
behavioral12 | Program/Libs/Extreme.Net.dll | win11-20240508-en
behavioral13 | Program/Libs/Injecting.dll | win10v2004-20240704-en
behavioral14 | Program/Libs/Injecting.dll | win11-20240704-en
behavioral15 | Program/Libs/libEGL.dll | win10v2004-20240508-en
behavioral16 | Program/Libs/libEGL.dll | win11-20240704-en
behavioral17 | Program/Libs/libgcc_s_dw2-1.dll | win10v2004-20240704-en
behavioral18 | Program/Libs/libgcc_s_dw2-1.dll | win11-20240704-en
behavioral19 | Program/Setup.exe | win10v2004-20240704-en
behavioral20 | Program/Setup.exe | win11-20240704-en
behavioral21 | Program/caret.xls | win10v2004-20240704-en
behavioral22 | Program/caret.xls | win11-20240704-en
behavioral23 | Program/msedge_elf.dll | win10v2004-20240704-en
behavioral24 | Program/msedge_elf.dll | win11-20240704-en
behavioral25 | Program/test.asp | win10v2004-20240704-en
behavioral26 | Program/test.asp | win11-20240704-en
General
Target: Program/caret.xls
Size: 779KB
MD5: 4d4b5ccd0ff38d099e68792ee07c4a99
SHA1: f529d6bb59e1edd6ee57b7ceca20afaa2272d157
SHA256: 90b7b1dbc330af1f1d80403bacb25b46506b666aa9182fef90aaec5d612507a7
SHA512: b8113fef6c0e7dea4ad6615fa0a451e72f481d72691d9f4001196be7784df8620ea8b7c00456a546204e0540580eaa13a4bb7ed18ef90ba7a7022682573484f6
SSDEEP: 24576:77Z3f25EtWkLrj3JbYNkORIyRJ505UJ3z1lyhgG:puqJbMkU05UJDGhv
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: EXCEL.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: EXCEL.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
Processes: EXCEL.EXE
pid | process
4000 | EXCEL.EXE

Suspicious use of SetWindowsHookEx (13 IoCs)
Processes: EXCEL.EXE
pid | process
4000 | EXCEL.EXE (listed 13 times)
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Program\caret.xls"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 4000
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize: 1KB
MD5: 95f6efd168a1689831f7e70fc3e80364
SHA1: 72cf55207312c9aa4c11fee48c3eec41bbb1ac3d
SHA256: b4c49315bca61033ca430ffeaf42757e5176ca4911e4e0c90244bf4572c45ab6
SHA512: c8ee4c6d25a08a4ffe53ab3a3590fd18c474faec16091e6f5bf7d0e01470a2135f200d322080879df46e168fc7944d860938ef238d255316a4055168d9cb7c25