538f2dc16f2b1d4263d4bfdca8810781b36b56601384a6c9b63b3abe9ccea72f

Analysis

max time kernel
47s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

538f2dc16f2b1d4263d4bfdca8810781b36b56601384a6c9b63b3abe9ccea72f.xlsm
Size

92KB
MD5

f0ef5e94efd82044b5ef0e9cf717083c
SHA1

79acb512ad168b792220906509aa90c538e98be4
SHA256

538f2dc16f2b1d4263d4bfdca8810781b36b56601384a6c9b63b3abe9ccea72f
SHA512

9e7e5f8084552aa808110c6e3adfc9b1f9865405c5d6cd699f4ae8a63a603caedd8061bfe32100f2bb61704aee8841a0aefcbf3cad8bd714d52a7b3912a5f34b
SSDEEP

1536:CguZCa6S5khUIO+T4znOSjhLqxMUH9Ga/M1NIpPkUlB7583fjncFYIIZFw:CgugapkhljaPjpqxvD/Ms8ULavLcL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
872	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE
872	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\538f2dc16f2b1d4263d4bfdca8810781b36b56601384a6c9b63b3abe9ccea72f.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
df27b8b98efa163efa5db4205248bfa4

SHA1
d42166f193c20d67123ee1248e30eac1872dcdb7

SHA256
242fa7123764ef97138a4bb95380d9af6cb4a91c43af770a56a35c4dce17beb7

SHA512
7b583cca5ae23ae7f6dd797da21bd7406b2420b809b566cde95b64c7cc9eb659dcd8c6f5633a37d4b41f67d0524b3b5a93e0fe104f7dbc5aee54e6450df29743

Download Submit
memory/872-12-0x00007FFE2DE20000-0x00007FFE2DE30000-memory.dmp

Filesize
64KB

Download
memory/872-5-0x00007FFE703ED000-0x00007FFE703EE000-memory.dmp

Filesize
4KB

Download
memory/872-7-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-6-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-13-0x00007FFE2DE20000-0x00007FFE2DE30000-memory.dmp

Filesize
64KB

Download
memory/872-8-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-10-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-11-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-9-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-0-0x00007FFE303D0000-0x00007FFE303E0000-memory.dmp

Filesize
64KB

Download
memory/872-4-0x00007FFE303D0000-0x00007FFE303E0000-memory.dmp

Filesize
64KB

Download
memory/872-2-0x00007FFE303D0000-0x00007FFE303E0000-memory.dmp

Filesize
64KB

Download
memory/872-3-0x00007FFE303D0000-0x00007FFE303E0000-memory.dmp

Filesize
64KB

Download
memory/872-15-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-17-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-18-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-16-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-14-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-64-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download
memory/872-1-0x00007FFE303D0000-0x00007FFE303E0000-memory.dmp

Filesize
64KB

Download
memory/872-152-0x00007FFE70350000-0x00007FFE70545000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads