47b8a00ff95d93f404b922b726e42e9bacc1509649839fda7038b51a8ae4437f

Analysis

max time kernel
50s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47b8a00ff95d93f404b922b726e42e9bacc1509649839fda7038b51a8ae4437f.xlsm
Size

92KB
MD5

cebe81b361ebcd75ebd2e47bdde2983c
SHA1

e48a0d9b25254311c0b1690c85391dc46981af7f
SHA256

47b8a00ff95d93f404b922b726e42e9bacc1509649839fda7038b51a8ae4437f
SHA512

f1add039e22b6bc8cf2c359055baef9faf27b952983715462f97b7faea218f5097d4212c3ec43dc1e0c19c6c9bb02f3360db8bd5d9626a4c6a6b77f8aeebdea8
SSDEEP

1536:CguZCa6S5khUIfc881oa4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIfFR:CgugapkhlEYaaPjpM+d/Ms8ULavLci

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

4640 EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\47b8a00ff95d93f404b922b726e42e9bacc1509649839fda7038b51a8ae4437f.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
69daa3002f0c955ab6ae737e37a26ed0

SHA1
1af77b3834178785b07ea544bd5d48d6e56a2d09

SHA256
ae564fa72704a9385789f3dd7832f000aa7abf7a72d49e487c1ad0da7727d6ec

SHA512
713ad8a6a62c7fc377d2dabcbd273f2ed4b9812c64ac513da0d60bccc138ea20cd56ed57b2d6f15b567d228ec4156e78cb0fbbbce7be3fe70d834d4af70c2378

Download Submit
memory/4640-14-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-158-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-13-0x00007FF9857F0000-0x00007FF985800000-memory.dmp

Filesize
64KB

Download
memory/4640-3-0x00007FF9878B0000-0x00007FF9878C0000-memory.dmp

Filesize
64KB

Download
memory/4640-5-0x00007FF9878B0000-0x00007FF9878C0000-memory.dmp

Filesize
64KB

Download
memory/4640-6-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-9-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-11-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-10-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-12-0x00007FF9857F0000-0x00007FF985800000-memory.dmp

Filesize
64KB

Download
memory/4640-8-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-7-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-4-0x00007FF9C78CD000-0x00007FF9C78CE000-memory.dmp

Filesize
4KB

Download
memory/4640-2-0x00007FF9878B0000-0x00007FF9878C0000-memory.dmp

Filesize
64KB

Download
memory/4640-23-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-17-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-18-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-20-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-19-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-16-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-22-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-15-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-21-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-66-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-1-0x00007FF9878B0000-0x00007FF9878C0000-memory.dmp

Filesize
64KB

Download
memory/4640-157-0x00007FF9C7830000-0x00007FF9C7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4640-0-0x00007FF9878B0000-0x00007FF9878C0000-memory.dmp

Filesize
64KB

Download