1e00cbd3ebb65f334309d718ff62df3fdb0224724c4a813b230858ba14fe9909

Analysis

max time kernel
426s
max time network
428s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CHOICE Product Summary 2024.xlsx
Size

236KB
MD5

37e247c7a6d4849c091c0405d2df53b7
SHA1

bb48677aef949dc77cd21f38f46cd5a9349ee09a
SHA256

1e00cbd3ebb65f334309d718ff62df3fdb0224724c4a813b230858ba14fe9909
SHA512

06b388e263355aa8cd47087d397da6b9f64b53761eacf5772c46ef8e3034e5762be75ad79db78042dbc291a92613e645e8b0d02a994c9b2fccc9c39f8aa103c5
SSDEEP

6144:KlNBMP8rgFEYEL29TBY1TIqLC13qwmYq5m74g4RXKXdtAncKW:KtMEs+2nmLLKnmYOm74NRXKX

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4608	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4608	EXCEL.EXE
4608	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE
4608	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\CHOICE Product Summary 2024.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
af6f3cecb6229861da4935f33b834064

SHA1
210cfc501ea365a58b9b8b898f256702404cc368

SHA256
b641ed0a8396722a03be821afed64805f5a6cd259e7718b5eb861ed58043bcf6

SHA512
5cee566bf03acf2838eda1f4c64ea725af20afe67c7c578c9fbf338c78882d2833efbc97a1f485920f218b30afd7dff0a962b1dabab2e4732a7847ae2530bfd7

Download Submit
memory/4608-8-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-63-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-16-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-10-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-12-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-11-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-13-0x00007FFF43230000-0x00007FFF43240000-memory.dmp

Filesize
64KB

Download
memory/4608-9-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-14-0x00007FFF43230000-0x00007FFF43240000-memory.dmp

Filesize
64KB

Download
memory/4608-15-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-18-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-17-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-5-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-4-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-38-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-6-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-3-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-2-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-1-0x00007FFF85B0D000-0x00007FFF85B0E000-memory.dmp

Filesize
4KB

Download
memory/4608-36-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-37-0x00007FFF85B0D000-0x00007FFF85B0E000-memory.dmp

Filesize
4KB

Download
memory/4608-7-0x00007FFF85A70000-0x00007FFF85C65000-memory.dmp

Filesize
2.0MB

Download
memory/4608-59-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-60-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-62-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-61-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download
memory/4608-0-0x00007FFF45AF0000-0x00007FFF45B00000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads