Analysis
-
max time kernel
24s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64 arch:x86 image:win7-20240729-en locale:en-us os:windows7-x64 system -
submitted
01-08-2024 21:01
Behavioral task
behavioral1
Sample
e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4.xlsm
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4.xlsm
Resource
win10v2004-20240730-en
General
-
Target
e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4.xlsm
-
Size
92KB
-
MD5
fdf6c553349c330aecbe4a1d1eaf2e31
-
SHA1
88be1db56ef176b1b81cdefe6af2b7dcaaef710b
-
SHA256
e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4
-
SHA512
77a5ed68dbb6579e26c3cff5dffd2be9da6483b131957cf3ef564b1087588c56dc1751c14bb581013790185bcca84588d6bbb6b8cd5e1a62a889d14487958ca2
-
SSDEEP
1536:CguZCa6S5khUIULwnGF4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIKFP:CgugapkhlULiQaPjpM+d/Ms8ULavLcx
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
EXCEL.EXE
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
process: EXCEL.EXE
-
Office loads VBA resources, possible macro or embedded object present
-
Enumerates system info in registry 2 TTPs 1 IoCs
Processes:
EXCEL.EXE
description: Key opened
ioc: \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor
process: EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
EXCEL.EXE
pid: 2412, process: EXCEL.EXE
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
EXCEL.EXE
pid: 2412, process: EXCEL.EXE
pid: 2412, process: EXCEL.EXE
pid: 2412, process: EXCEL.EXE
Processes
-
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4.xlsm
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads