1b61c6505be088a4a032df0bc23ec8f5ab1face7e5ff861eea45ecb8bea80972

Analysis

max time kernel
49s
max time network
57s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 21:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b61c6505be088a4a032df0bc23ec8f5ab1face7e5ff861eea45ecb8bea80972.xlsm
Size

92KB
MD5

4a0af206a22b56a18c897dc6c7d234ea
SHA1

ec22b29d63635a090f99b61e6c93b24e9e17e903
SHA256

1b61c6505be088a4a032df0bc23ec8f5ab1face7e5ff861eea45ecb8bea80972
SHA512

7edd2ef12ba2551db1414c2342a7a4eba2d6d6f9793a97ee345a155d106cd3f35dc5fa2ef8fee2a6bbea6a68d400f8e603449a4d3dd216ce39bdec624cc6443d
SSDEEP

1536:CguZCa6S5khUIeHOxrti84znOSjhLM+vGa/M1NIpPkUlB7583fjncFYII5FPI:CgugapkhlUwaPjpM+d/Ms8ULavLcD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1492	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE
1492	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\1b61c6505be088a4a032df0bc23ec8f5ab1face7e5ff861eea45ecb8bea80972.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
326e202166e46773ef6b32b915cb554d

SHA1
6216d31949e86d17a971d3f8a4e72847d49dab40

SHA256
8256e23c7295f4b3d25595645e7c85b401c796da90d77c4d889cb59a8d93813d

SHA512
d3f471f1741afdec9a8121d107d41010f5582626e75b9d21d1d02ee7aa532c1fe4816dbdb6670dbe6fd7401a21360aa8fc76ebedf06d83e8718d9b3cc20434a1

Download Submit
memory/1492-12-0x00007FF9853C0000-0x00007FF9853D0000-memory.dmp

Filesize
64KB

Download
memory/1492-153-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-3-0x00007FF9C75ED000-0x00007FF9C75EE000-memory.dmp

Filesize
4KB

Download
memory/1492-6-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-5-0x00007FF9875D0000-0x00007FF9875E0000-memory.dmp

Filesize
64KB

Download
memory/1492-4-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-7-0x00007FF9875D0000-0x00007FF9875E0000-memory.dmp

Filesize
64KB

Download
memory/1492-8-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-10-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-11-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-9-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-1-0x00007FF9875D0000-0x00007FF9875E0000-memory.dmp

Filesize
64KB

Download
memory/1492-0-0x00007FF9875D0000-0x00007FF9875E0000-memory.dmp

Filesize
64KB

Download
memory/1492-15-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-17-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-13-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-19-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-18-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-16-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-97-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-68-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-152-0x00007FF9C75ED000-0x00007FF9C75EE000-memory.dmp

Filesize
4KB

Download
memory/1492-14-0x00007FF9853C0000-0x00007FF9853D0000-memory.dmp

Filesize
64KB

Download
memory/1492-157-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-158-0x00007FF9C7550000-0x00007FF9C7745000-memory.dmp

Filesize
2.0MB

Download
memory/1492-2-0x00007FF9875D0000-0x00007FF9875E0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads