6d4a65d138717c7bafc640b3de48be878b36def00e23a3240dd28bd814014dd2

General

Target

pclog.exe
Size

558KB
MD5

43508f82880dbe4273ff5ebd55ab43ad
SHA1

82bb725a4f311fdf74d663804a28f01cd0c35869
SHA256

6d4a65d138717c7bafc640b3de48be878b36def00e23a3240dd28bd814014dd2
SHA512

1e777372810dd7c1947fd94e10a222cfb605e59b812fdcb9cf85bd76a12bec9da9ab80d37b7c1a29f64195cd3090ee21292e8add329b65aa05bfa7d288d42029
SSDEEP

6144:ExPCSUvAIpa7pf0RctXnQC72gp5P+Pp6VL2NqN/EMnSZfCYM:aFUvAuyYC72gp5P+Pp6VL5aC

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3168	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE
3168	EXCEL.EXE

C:\Users\Admin\AppData\Local\Temp\pclog.exe
"C:\Users\Admin\AppData\Local\Temp\pclog.exe"
1⤵
PID:4852

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SplitMeasure.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
322B

MD5
8bde796c63d27bffd21d656f150ced6a

SHA1
1ac77a48ff7d9182a20a28ee72237841946fe93a

SHA256
c13fe3cbb023f777bec44725f3c4c1abc363a3a3d4ba3a45827e638d81193077

SHA512
34e764cea28c0d49a736c3b615d862d4738ec880fcbcb4585164f25b39591767c68184f9a93e1ff96793dc9d8c454d92ca3ab43c53f8d475476a0f9f0678e030

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
a0e8ec8f63cce9b0f7ecb3df899935a5

SHA1
5b2accb1e8660a43c7879799a55a459c2e5f69cf

SHA256
9bedd06f3bf6a1624fe4aaf1aed773d817d60c2c3b83a48b89a6083318adf4e3

SHA512
dfbf9976bc7728da62c24f1c2fad29e91157e4af08273190074eac33ee7b3baeeb5df376bea9fd5c3e427fc1e91cca911f7897be12e919d4bcec11e722f1843d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
0bec3af1bdab90ac4a3b8328f77e32ca

SHA1
dc9ea209a76dbd91c071d913c37e68f46bc493ca

SHA256
0514cb3510aaba8703a0bbd22f4194ecb96b477cab6ecb1febc8f61eab7ca3e9

SHA512
1a187f8d0f29686776ad8e010741816d6726d7c735ba74ce6e55ed0441f10ece852b9fbdeeae78689780553086c465349b38b67d68c0e31c42b213ce25d13835

Download Submit
memory/3168-16-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-23-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-5-0x00007FFE750CD000-0x00007FFE750CE000-memory.dmp

Filesize
4KB

Download
memory/3168-6-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-8-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-11-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-10-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-9-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-19-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-12-0x00007FFE32FD0000-0x00007FFE32FE0000-memory.dmp

Filesize
64KB

Download
memory/3168-13-0x00007FFE32FD0000-0x00007FFE32FE0000-memory.dmp

Filesize
64KB

Download
memory/3168-14-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-15-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-78-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-3-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-18-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-7-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-17-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-22-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-25-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-24-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-21-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-20-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-4-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-2-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-76-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-65-0x00007FFE75030000-0x00007FFE75225000-memory.dmp

Filesize
2.0MB

Download
memory/3168-74-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-75-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/3168-77-0x00007FFE350B0000-0x00007FFE350C0000-memory.dmp

Filesize
64KB

Download
memory/4852-1-0x00007FF7DBD70000-0x00007FF7DBE32000-memory.dmp

Filesize
776KB

Download
memory/4852-0-0x00007FF7DBD70000-0x00007FF7DBE32000-memory.dmp

Filesize
776KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads