69e6a5fec15f3a5acee3b85f1fb72f82a346aa15c4f16078ed160200500fef78

Analysis

max time kernel
46s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 21:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

69e6a5fec15f3a5acee3b85f1fb72f82a346aa15c4f16078ed160200500fef78.xlsm
Size

92KB
MD5

ab3d4958c6fef2e42bf89aba11eddfb6
SHA1

f2a8d3b8ce67546025578eb9740b042e05a3621a
SHA256

69e6a5fec15f3a5acee3b85f1fb72f82a346aa15c4f16078ed160200500fef78
SHA512

cc824f6be0fb3e62ba3c276771f76b1aa275029b6fcc64f1e875eb0679d5285e7011355100934c4c3b840db499b44a90e661d79732336e26fd93f3efbfe148fd
SSDEEP

1536:CguZCa6S5khUIfMw3HCZM4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIAUF9:CgugapkhlcZMaPjpM+d/Ms8ULavLcW

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2196	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE
2196	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\69e6a5fec15f3a5acee3b85f1fb72f82a346aa15c4f16078ed160200500fef78.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
81f64c829cd77c3ffd0a0a3833bd6c75

SHA1
ec375f4bf843c5785d2ea0088fb2c43bd0ac7401

SHA256
b7a620b10f63bb3e0c9151764aa07b1f706ff688a61f72f53e351f50d5aad928

SHA512
22a374c2a7ca8aa8dce6c34dd8fdb9e34a8abd107cd2808d323a63135019951d92fd4bbc9b25821874166a9234399f373ae1e66e608b821d843719bf49c86a23

Download Submit
memory/2196-13-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-87-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-4-0x00007FFA8B1F0000-0x00007FFA8B200000-memory.dmp

Filesize
64KB

Download
memory/2196-1-0x00007FFA8B1F0000-0x00007FFA8B200000-memory.dmp

Filesize
64KB

Download
memory/2196-5-0x00007FFACB20D000-0x00007FFACB20E000-memory.dmp

Filesize
4KB

Download
memory/2196-9-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-8-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-7-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-6-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-10-0x00007FFA89100000-0x00007FFA89110000-memory.dmp

Filesize
64KB

Download
memory/2196-11-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-0-0x00007FFA8B1F0000-0x00007FFA8B200000-memory.dmp

Filesize
64KB

Download
memory/2196-3-0x00007FFA8B1F0000-0x00007FFA8B200000-memory.dmp

Filesize
64KB

Download
memory/2196-14-0x00007FFA89100000-0x00007FFA89110000-memory.dmp

Filesize
64KB

Download
memory/2196-21-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-18-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-20-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-22-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-15-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-19-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-17-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-16-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-12-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-2-0x00007FFA8B1F0000-0x00007FFA8B200000-memory.dmp

Filesize
64KB

Download
memory/2196-156-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download
memory/2196-157-0x00007FFACB170000-0x00007FFACB365000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads