f3bc579e711e495bd24d35f8aca0efa2877802452d25b37c34e11047ca247ae7

General

Target

f3bc579e711e495bd24d35f8aca0efa2877802452d25b37c34e11047ca247ae7.xlsm
Size

92KB
MD5

0e02f9032301e1e11e9d3e373ad6bc4e
SHA1

7afe66f844f53840a1fb7edf1f63f8bd0b27f1d5
SHA256

f3bc579e711e495bd24d35f8aca0efa2877802452d25b37c34e11047ca247ae7
SHA512

9036787a6f0b19f32aac96ff6b8c851efffe38cfbd607b847a4c209357cd81c767abfbf264f77a3570c17a9be27bb2006876c9d71934020616783cff283ab0c2
SSDEEP

1536:CguZCa6S5khUIYFvbMCqHzIPU4znOSjhLzVubGa/M1NIpPkUlB7583fjncFYIIwm:CgugapkhlYhIT7aPjpzVw/Ms8ULavLce

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4636	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE
4636	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\f3bc579e711e495bd24d35f8aca0efa2877802452d25b37c34e11047ca247ae7.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
a507e909bf15e2653fb2922757f9939b

SHA1
c49711609574f18e160a1fdf7497e7bbec3b71e8

SHA256
c19271724db39dfafbe401dc2ad2c323fc450848840a232610a30aefecb7d667

SHA512
13204c2bd1adacaa0ad772c17b80640e020768ba2e07445edf7cebad86e1469ba910505aac1af71919f4a413e7f029ec017d35bba4dcae0950e16bf55890fdc2

Download Submit
memory/4636-7-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-5-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/4636-16-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-19-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-18-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-21-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-22-0x00007FFB63EB0000-0x00007FFB63EC0000-memory.dmp

Filesize
64KB

Download
memory/4636-20-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-17-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-15-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-14-0x00007FFB63EB0000-0x00007FFB63EC0000-memory.dmp

Filesize
64KB

Download
memory/4636-13-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-10-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-9-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-12-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-8-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-3-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/4636-4-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/4636-6-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-2-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/4636-1-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/4636-0-0x00007FFBA628D000-0x00007FFBA628E000-memory.dmp

Filesize
4KB

Download
memory/4636-71-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-131-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-156-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-155-0x00007FFBA628D000-0x00007FFBA628E000-memory.dmp

Filesize
4KB

Download
memory/4636-157-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-158-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-162-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-163-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/4636-11-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads