e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4

Analysis

max time kernel
46s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4.xlsm
Size

92KB
MD5

fdf6c553349c330aecbe4a1d1eaf2e31
SHA1

88be1db56ef176b1b81cdefe6af2b7dcaaef710b
SHA256

e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4
SHA512

77a5ed68dbb6579e26c3cff5dffd2be9da6483b131957cf3ef564b1087588c56dc1751c14bb581013790185bcca84588d6bbb6b8cd5e1a62a889d14487958ca2
SSDEEP

1536:CguZCa6S5khUIULwnGF4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIKFP:CgugapkhlULiQaPjpM+d/Ms8ULavLcx

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1316	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE
1316	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\e00a72f50224195054f09085c93183e3abb3ac8951b460bbf34dec5738021eb4.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
03cabcb6991896b7f6316d94bb7af366

SHA1
7f3fa6cf054a3cf4b301abcd955ba1a50b2b61af

SHA256
b2cb8dd21c2f2c2a0246b1ce855732574ee40fd76c0990bb0655895ecff4038f

SHA512
c99bc459abfaed0d549bd1df05ae9cfc4c28dc46e1d747cb4d8daa3d94dd895e1b5aa1302de7d5fc3635209b933a62458c0f16df5d11ee1bf30711fd843e7c67

Download Submit
memory/1316-15-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-69-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-1-0x00007FFB66770000-0x00007FFB66780000-memory.dmp

Filesize
64KB

Download
memory/1316-0-0x00007FFB66770000-0x00007FFB66780000-memory.dmp

Filesize
64KB

Download
memory/1316-6-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-8-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-5-0x00007FFB66770000-0x00007FFB66780000-memory.dmp

Filesize
64KB

Download
memory/1316-9-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-10-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-7-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-155-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-4-0x00007FFB66770000-0x00007FFB66780000-memory.dmp

Filesize
64KB

Download
memory/1316-21-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-17-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-16-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-20-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-19-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-18-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-14-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-13-0x00007FFBA66F0000-0x00007FFBA68E5000-memory.dmp

Filesize
2.0MB

Download
memory/1316-12-0x00007FFB64620000-0x00007FFB64630000-memory.dmp

Filesize
64KB

Download
memory/1316-2-0x00007FFB66770000-0x00007FFB66780000-memory.dmp

Filesize
64KB

Download
memory/1316-3-0x00007FFBA678D000-0x00007FFBA678E000-memory.dmp

Filesize
4KB

Download
memory/1316-11-0x00007FFB64620000-0x00007FFB64630000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads