538445a2eda2847be72120bc476107a3dff6dda02e047f38c636228fc86138b6

Analysis

max time kernel
133s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Examples/Project Crashing Example.xlsx
Size

14KB
MD5

01b287edb74c5a51f7f8aba4a27ca795
SHA1

1469022ea5242f4c0da704dec16c2eb9fbc9b95e
SHA256

6a1dd4340c12e730e610bd1609d36ac7e31fed266132e9fc3c658f51c8dddf29
SHA512

866aac816c7b9c889ca7ced258703d7e3e80360fd833e107eacd4ee5a548685229c60491b84ed26399585547123207d8ceac146a63a6a7968a2659f2b7390679
SSDEEP

384:CcyYUjHTIJPVV56OB6oS7bWS7vOzvyyQ4gPJ:CcyYV/HYbnIvKJ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1972 EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

EXCEL.EXE

pid	process
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Examples\Project Crashing Example.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
6e227f48ea0ea18e33eb5333e2995943

SHA1
1dbd1dcc0033c19dad9cc0693d813dac5b3dfa09

SHA256
7358d99ac110f7ea0bbbee5404602c43710f70afbf96b9fae06d4f95416ee65d

SHA512
fb5ad52ee6cd895c9873ca3ce22ee5121dde27ce8bf9a1c356a8974166ed3bed6bb64c84e068ce16c9761f252f65b5ed00d705688270ddd10c40f1d7d819ff7a

Download Submit
memory/1972-9-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-27-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-10-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-2-0x00007FFF00490000-0x00007FFF004A0000-memory.dmp

Filesize
64KB

Download
memory/1972-5-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-7-0x00007FFF00490000-0x00007FFF004A0000-memory.dmp

Filesize
64KB

Download
memory/1972-6-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-8-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-3-0x00007FFF00490000-0x00007FFF004A0000-memory.dmp

Filesize
64KB

Download
memory/1972-4-0x00007FFF00490000-0x00007FFF004A0000-memory.dmp

Filesize
64KB

Download
memory/1972-12-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-13-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-11-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-14-0x00007FFEFDD20000-0x00007FFEFDD30000-memory.dmp

Filesize
64KB

Download
memory/1972-15-0x00007FFEFDD20000-0x00007FFEFDD30000-memory.dmp

Filesize
64KB

Download
memory/1972-0-0x00007FFF00490000-0x00007FFF004A0000-memory.dmp

Filesize
64KB

Download
memory/1972-25-0x00007FFF40410000-0x00007FFF40605000-memory.dmp

Filesize
2.0MB

Download
memory/1972-26-0x00007FFF404AD000-0x00007FFF404AE000-memory.dmp

Filesize
4KB

Download
memory/1972-1-0x00007FFF404AD000-0x00007FFF404AE000-memory.dmp

Filesize
4KB

Download