c08ce5cbf552bab07178715aff21a77643bcff15dbd7de23ab98c523a7f1d36c

Analysis

max time kernel
46s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c08ce5cbf552bab07178715aff21a77643bcff15dbd7de23ab98c523a7f1d36c.xlsm
Size

92KB
MD5

27c873a840fce01d7f559ee9140686e5
SHA1

02ac4ab227d4b1dbaadefde6a62c033aa2f2effd
SHA256

c08ce5cbf552bab07178715aff21a77643bcff15dbd7de23ab98c523a7f1d36c
SHA512

5d0d55c70b291f4fb0f7e2ee4d292c0258afd222b7f9a751bbd6784fd7de65ff3c4d84fe44b52072808543b2a772d055c23fc652ab24c23a149989b27a89bea9
SSDEEP

1536:CguZCa6S5khUIQh8lXaN4znOSjhLqxMUH9Ga/M1NIpPkUlB7583fjncFYIIBdFS:CgugapkhlQhGKNaPjpqxvD/Ms8ULavLg

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3848	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE
3848	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\c08ce5cbf552bab07178715aff21a77643bcff15dbd7de23ab98c523a7f1d36c.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
f1fa473e03d15e92088d06b29d37b372

SHA1
ae570f39df1014a74cc5d9d07bd4d363e2018099

SHA256
02a993cfcfe9f14149c5fba2a6d848d799a7fa611d83c1e81fc3258b0e351545

SHA512
36d099f9e92b334ff7df541754e2cfbf4495c8c903bec473f0b2e590178174b976f0d7cf46b4edbe1282eac457554f666823fdc7f0c4ae3ad05b5a0c7496f925

Download Submit
memory/3848-6-0x00007FFB0AEF0000-0x00007FFB0B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/3848-1-0x00007FFACAF70000-0x00007FFACAF80000-memory.dmp

Filesize
64KB

Download
memory/3848-3-0x00007FFACAF70000-0x00007FFACAF80000-memory.dmp

Filesize
64KB

Download
memory/3848-4-0x00007FFB0AF8D000-0x00007FFB0AF8E000-memory.dmp

Filesize
4KB

Download
memory/3848-5-0x00007FFACAF70000-0x00007FFACAF80000-memory.dmp

Filesize
64KB

Download
memory/3848-0-0x00007FFACAF70000-0x00007FFACAF80000-memory.dmp

Filesize
64KB

Download
memory/3848-7-0x00007FFB0AEF0000-0x00007FFB0B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/3848-8-0x00007FFAC8EB0000-0x00007FFAC8EC0000-memory.dmp

Filesize
64KB

Download
memory/3848-9-0x00007FFAC8EB0000-0x00007FFAC8EC0000-memory.dmp

Filesize
64KB

Download
memory/3848-59-0x00007FFB0AEF0000-0x00007FFB0B0E5000-memory.dmp

Filesize
2.0MB

Download
memory/3848-2-0x00007FFACAF70000-0x00007FFACAF80000-memory.dmp

Filesize
64KB

Download
memory/3848-143-0x00007FFB0AEF0000-0x00007FFB0B0E5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads