538445a2eda2847be72120bc476107a3dff6dda02e047f38c636228fc86138b6

Analysis

max time kernel
101s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Examples/Cutting Stock Example.xlsx
Size

12KB
MD5

cfe44b256fbcf639628db3eced44a1bf
SHA1

16ff7dd176e3f1d1e3763b5773954bd2a951e1c9
SHA256

451f8cc4933728bc06493ead030c3b3e45b8ce4bf9a979c9b386116b023e3d97
SHA512

fa398a17b116a3b99523cff8eb9f5dea59de5a830f034f3f55772f083b7fbaedf00a1061d734330f35febc6912323dbef75efe181a9abd3a4efff17914e896ca
SSDEEP

192:RUSIm79BIJ6+TZXHKRzpei2fBHSaJlg03xi1Vn0+ODui:C4IJPl6FCffQbn0+ri

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1752 EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE
1752	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Examples\Cutting Stock Example.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-2-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-0-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-1-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-4-0x00007FFF5B14D000-0x00007FFF5B14E000-memory.dmp

Filesize
4KB

Download
memory/1752-3-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-5-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-6-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-8-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-7-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-14-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-13-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-12-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-11-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-10-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-15-0x00007FFF18E10000-0x00007FFF18E20000-memory.dmp

Filesize
64KB

Download
memory/1752-9-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-16-0x00007FFF18E10000-0x00007FFF18E20000-memory.dmp

Filesize
64KB

Download
memory/1752-28-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download
memory/1752-44-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-45-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-46-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-47-0x00007FFF1B130000-0x00007FFF1B140000-memory.dmp

Filesize
64KB

Download
memory/1752-48-0x00007FFF5B0B0000-0x00007FFF5B2A5000-memory.dmp

Filesize
2.0MB

Download