2c55b71879397cef8c335267685986f0f92fe95980e03e34f5d2619c2ddcd490

Resubmissions

22/08/2024, 00:19

240822-amaftayblf 1

22/08/2024, 00:05

240822-adnxva1hln 1

22/08/2024, 00:04

240822-acmy6axflh 3

22/08/2024, 00:02

240822-abtejs1gmj 1

Analysis

max time kernel
47s
max time network
20s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/08/2024, 00:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

E20240100021306_Anexo_1.xlsm
Size

2.0MB
MD5

6e03fd37d1b8ceb1c7172f384849790d
SHA1

236bde21ce7cfab3b681646b4d87d9aca8f68024
SHA256

48e59c7e61d7826d87086280c02c637377570e24824a77a4ff9df9296ea11ff3
SHA512

9385daea011a07f5836a4dbae40aeda56a7b67c31924e551d3a3e1eb6095f3289e8e673caae7e47b468fb5d890711fe498a6df126b1a9635de2f522c8c5e03c8
SSDEEP

49152:/HjUhlgth/pBHrl8zP3pV/W9/ugEIJgCFCKyeXCs3:fjUh0FpBB8LZV/W9GAjoDoF3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2380	EXCEL.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2380	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
2380	EXCEL.EXE
4688	MiniSearchHost.exe

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\E20240100021306_Anexo_1.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d12e797f18cb79137ad12b5e5139e1b8

SHA1
f15fb437b1be86b714e278ce927b315fa0e16ea3

SHA256
afb0f4a0229174f8118ab512b569fdb9eb3ebb0389cb11c9f4a0a2aa88ec258b

SHA512
f6e8f99bcd0ecff7683c8e56fa2ffa3fdff16d6c17a2066b36bc3d78e2838130b5b23059a239b29a7ebdd0b5ca36b3f9cf388945bf1aad50a3f91cb8091223cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
9ac031b4f77582d1d09f41e8ab64d72e

SHA1
a6aa53ee37fe8aceaa489482b7a39386b7984e21

SHA256
c73307140fa0509de26bb5927e514eea92850758c2dc0c81ac422fde1d29131c

SHA512
c695674bd732a8246d1983d56de7b08912c4d7bc782c757e5b0e171d923fbe48fcbb79c2a17cf89c9dffa603141a5ea33085d02f79bd1fd80e12848a8e6de902

Download Submit
memory/2380-14-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-36-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-4-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-2-0x00007FF9120D0000-0x00007FF9120E0000-memory.dmp

Filesize
64KB

Download
memory/2380-6-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-7-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-10-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-9-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-8-0x00007FF9120D0000-0x00007FF9120E0000-memory.dmp

Filesize
64KB

Download
memory/2380-13-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-0-0x00007FF9520E3000-0x00007FF9520E4000-memory.dmp

Filesize
4KB

Download
memory/2380-16-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-5-0x00007FF9120D0000-0x00007FF9120E0000-memory.dmp

Filesize
64KB

Download
memory/2380-15-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-18-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-12-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-11-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-19-0x00007FF90F6F0000-0x00007FF90F700000-memory.dmp

Filesize
64KB

Download
memory/2380-20-0x00007FF90F6F0000-0x00007FF90F700000-memory.dmp

Filesize
64KB

Download
memory/2380-28-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-35-0x00007FF9520E3000-0x00007FF9520E4000-memory.dmp

Filesize
4KB

Download
memory/2380-17-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-37-0x00007FF952040000-0x00007FF952249000-memory.dmp

Filesize
2.0MB

Download
memory/2380-3-0x00007FF9120D0000-0x00007FF9120E0000-memory.dmp

Filesize
64KB

Download
memory/2380-1-0x00007FF9120D0000-0x00007FF9120E0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads