4bbfb7973bb7b3ddbb90c0eb5753034f8737f7872c65d9852b2e944b1ea8483c

Analysis

max time kernel
46s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4bbfb7973bb7b3ddbb90c0eb5753034f8737f7872c65d9852b2e944b1ea8483c.xlsm
Size

91KB
MD5

32bf5fcbcb2c20efaa6c1e93eca36184
SHA1

574af024e805ec54939a20638fa1f61c96c3c396
SHA256

4bbfb7973bb7b3ddbb90c0eb5753034f8737f7872c65d9852b2e944b1ea8483c
SHA512

2a350ee978e8b1cbb81825d2870776035b7b526c242d2d3459ad23b4dcbd5f010a8433cc74ba364c9cdb5c651ab6166b942cbf7d92d2c5558e36bbc97899a71f
SSDEEP

1536:CguZCa6S5khUIcaW8jld4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYII4FS:CgugapkhlcP8jvaPjpM+d/Ms8ULavLcC

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1160	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE
1160	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4bbfb7973bb7b3ddbb90c0eb5753034f8737f7872c65d9852b2e944b1ea8483c.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
c29dc64f5b6c1bf7652ec76a1a1fdf56

SHA1
c967d8a9cdb47b8168c79458d5990d0896bcd08c

SHA256
59ff5620f840c5408cc3341e19d6a6249e821f86bb04a6ae84b417741cd12e05

SHA512
09c46e0b4a91c9acaab89ab81b2f020e554b31a8567066fb6f811da77128990fbc67487b34207e14f582a3192b5191fe65a5c20bedd800360310ad33e00b9c01

Download Submit
memory/1160-11-0x00007FFF86400000-0x00007FFF86410000-memory.dmp

Filesize
64KB

Download
memory/1160-12-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-3-0x00007FFF88850000-0x00007FFF88860000-memory.dmp

Filesize
64KB

Download
memory/1160-2-0x00007FFF88850000-0x00007FFF88860000-memory.dmp

Filesize
64KB

Download
memory/1160-5-0x00007FFFC886D000-0x00007FFFC886E000-memory.dmp

Filesize
4KB

Download
memory/1160-8-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-9-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-10-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-7-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-13-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-4-0x00007FFF88850000-0x00007FFF88860000-memory.dmp

Filesize
64KB

Download
memory/1160-6-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-0-0x00007FFF88850000-0x00007FFF88860000-memory.dmp

Filesize
64KB

Download
memory/1160-16-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-15-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-14-0x00007FFF86400000-0x00007FFF86410000-memory.dmp

Filesize
64KB

Download
memory/1160-19-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-18-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-17-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-66-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download
memory/1160-1-0x00007FFF88850000-0x00007FFF88860000-memory.dmp

Filesize
64KB

Download
memory/1160-153-0x00007FFFC87D0000-0x00007FFFC89C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads