dfe9e125455a70215e55b715dfb98134bbf94a16fdac64b6236cbf0ee9d59b50

Analysis

max time kernel
32s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 22:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dfe9e125455a70215e55b715dfb98134bbf94a16fdac64b6236cbf0ee9d59b50.xls
Size

1.0MB
MD5

f5bcfd692f001f001fdab6aae4c09ba2
SHA1

171fcbbe60a3506d7b4f57f602b71211e2f58152
SHA256

dfe9e125455a70215e55b715dfb98134bbf94a16fdac64b6236cbf0ee9d59b50
SHA512

83badcb08213d7e2f06ea80ba81b75036b6b33b52aabbbf24b393b41b9124a669a0918e60aea842b3f3eefe6cdf5429ce7c9d2e41458b0c009857962ad72bb84
SSDEEP

12288:njxju5uQ+WbWh6ANrnHnV3wxmLFx9UCYIoDouwUPrHdpAt5TN4:nljQwrVgxmLFfUVEgrHa

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2896	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2896	EXCEL.EXE
2896	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE
2896	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\dfe9e125455a70215e55b715dfb98134bbf94a16fdac64b6236cbf0ee9d59b50.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
7aa1d3528e87f14c035bc5b65ffcf24c

SHA1
d41c55cd27589f21012e76e6bb890ec8c3e0f314

SHA256
e02dc3fcbba38d35941be594f7c8f770a9ea44a66fac137a47156310f4af9d7f

SHA512
c9942609951389b5fe5f387b5a7e65bc823617103917eda60ca7434354aa1298cb5f747e8fe1d2fd5d07973cf0d794394f871e94327b450f93148d292c4b2bb1

Download Submit
memory/2896-20-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-37-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-4-0x00007FFBE4D2D000-0x00007FFBE4D2E000-memory.dmp

Filesize
4KB

Download
memory/2896-3-0x00007FFBA4D10000-0x00007FFBA4D20000-memory.dmp

Filesize
64KB

Download
memory/2896-21-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-11-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-10-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-9-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-8-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-12-0x00007FFBA2CB0000-0x00007FFBA2CC0000-memory.dmp

Filesize
64KB

Download
memory/2896-14-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-15-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-1-0x00007FFBA4D10000-0x00007FFBA4D20000-memory.dmp

Filesize
64KB

Download
memory/2896-18-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-5-0x00007FFBA4D10000-0x00007FFBA4D20000-memory.dmp

Filesize
64KB

Download
memory/2896-19-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-17-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-16-0x00007FFBA2CB0000-0x00007FFBA2CC0000-memory.dmp

Filesize
64KB

Download
memory/2896-13-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-7-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-6-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-36-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-38-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-0-0x00007FFBA4D10000-0x00007FFBA4D20000-memory.dmp

Filesize
64KB

Download
memory/2896-40-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-39-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download
memory/2896-2-0x00007FFBA4D10000-0x00007FFBA4D20000-memory.dmp

Filesize
64KB

Download
memory/2896-49-0x00007FFBE4C90000-0x00007FFBE4E85000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads