538445a2eda2847be72120bc476107a3dff6dda02e047f38c636228fc86138b6

Analysis

max time kernel
103s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Examples/Facility Location Example.xlsx
Size

14KB
MD5

d7d428d8611785c0178b04fec2289bb3
SHA1

22cb34fd3d0551988cfdbb9b59dcb610e68abcfe
SHA256

c101427ac40a6c044c0281951897621c694aa1fdb97de3cf0d891cd9a804cd64
SHA512

d009717acc3f4e4887dbb9f5c371d4d8733812e2da45a3cba0ce6a0752536e8f1b199e3a6f29643d8f53d2601b2fed9573e09c6c6bfadff0ae3cd5208e93bccf
SSDEEP

192:w4QwHO/i/UMbYBMrJ6+TyyJIXi1Xy3bOopMFaSpuZbutV8fms0R88+uO2bx:G9icMb7rJPDIXiAShmbDOs028LOqx

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

3412 EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE
3412	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Examples\Facility Location Example.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize
1KB

MD5
23a199d6ed760c822a4ff30db245fa67

SHA1
e2ccdc9029240960464b90c74a37369555b9f805

SHA256
d4125eab8dc929066bfa6b9da611771706d08d3e715c21e121921ce251063d48

SHA512
644509950e7e1f997304202390be56f37b975189f6f67a4bf7dbb80091855556efb450814596ed716c9e78034903c8dfe552049a0ef0dcc72db0267ce81f2376

Download Submit
memory/3412-8-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-59-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-13-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-4-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-5-0x00007FFDC476D000-0x00007FFDC476E000-memory.dmp

Filesize
4KB

Download
memory/3412-6-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-0-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-7-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-9-0x00007FFD81DF0000-0x00007FFD81E00000-memory.dmp

Filesize
64KB

Download
memory/3412-10-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-11-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-12-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-3-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-1-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-38-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-16-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-19-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-20-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-18-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-17-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-2-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-15-0x00007FFDC46D0000-0x00007FFDC48C5000-memory.dmp

Filesize
2.0MB

Download
memory/3412-58-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-57-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-56-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-55-0x00007FFD84750000-0x00007FFD84760000-memory.dmp

Filesize
64KB

Download
memory/3412-14-0x00007FFD81DF0000-0x00007FFD81E00000-memory.dmp

Filesize
64KB

Download