ba1a10357fec85896cabbeacd3dd4acdac387399123079a20b7f3d3a0d1ad39c

Analysis

max time kernel
44s
max time network
41s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 21:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ba1a10357fec85896cabbeacd3dd4acdac387399123079a20b7f3d3a0d1ad39c.xlsm
Size

92KB
MD5

87d36986fe1449668c2f1ea33b5a3d6d
SHA1

667cf0011570b677d8d1bbcedbf83768b78b6ff4
SHA256

ba1a10357fec85896cabbeacd3dd4acdac387399123079a20b7f3d3a0d1ad39c
SHA512

6c3536ca8541406fb29857a03451fd31da303419b8d3973d49a06b04e5b5aa0b882b80dccd8727179adaeb620592be599e7420af831ca7e74f2b8b6413f27b59
SSDEEP

1536:CguZCa6S5khUIMU9CKh4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIZF9:CgugapkhlMUQKhaPjpM+d/Ms8ULavLc6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4728	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4728	EXCEL.EXE
4728	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE
4728	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ba1a10357fec85896cabbeacd3dd4acdac387399123079a20b7f3d3a0d1ad39c.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
eb1d63dcd00716f3fce4ea6da74822b4

SHA1
af97baceed272ccc071ad10c8b7281478134f2cc

SHA256
903c32990997637d8bf6c73ad6d57c66e6cf448370e9bcdcb799eeb95664f39c

SHA512
160484d23320a1f22e999a308b77e5c56800aae1b957109df31325ae828d43b872a27f449d0f2f02ef77158898be1ae5037281b1c2b4cfa73ac7b83a338312b2

Download Submit
memory/4728-15-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-161-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-2-0x00007FF9586B0000-0x00007FF9586C0000-memory.dmp

Filesize
64KB

Download
memory/4728-1-0x00007FF9986CD000-0x00007FF9986CE000-memory.dmp

Filesize
4KB

Download
memory/4728-16-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-6-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-7-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-8-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-9-0x00007FF9561E0000-0x00007FF9561F0000-memory.dmp

Filesize
64KB

Download
memory/4728-11-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-10-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-12-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-5-0x00007FF9586B0000-0x00007FF9586C0000-memory.dmp

Filesize
64KB

Download
memory/4728-13-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-0-0x00007FF9586B0000-0x00007FF9586C0000-memory.dmp

Filesize
64KB

Download
memory/4728-14-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-19-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-18-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-17-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-20-0x00007FF9561E0000-0x00007FF9561F0000-memory.dmp

Filesize
64KB

Download
memory/4728-50-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-133-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-3-0x00007FF9586B0000-0x00007FF9586C0000-memory.dmp

Filesize
64KB

Download
memory/4728-4-0x00007FF9586B0000-0x00007FF9586C0000-memory.dmp

Filesize
64KB

Download
memory/4728-162-0x00007FF9986CD000-0x00007FF9986CE000-memory.dmp

Filesize
4KB

Download
memory/4728-163-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-164-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download
memory/4728-165-0x00007FF998630000-0x00007FF998825000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads