fac014011c07df89dc855c1eb6007c209f5a97fadfd0ecec9258e5ec2ae8e93d

Analysis

max time kernel
131s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fac014011c07df89dc855c1eb6007c209f5a97fadfd0ecec9258e5ec2ae8e93d.xlsx
Size

73KB
MD5

29db2fd6ec5f482d151818206b1a2cd8
SHA1

94bb422b363b19fad82bf3effcce9c1de6a29a98
SHA256

fac014011c07df89dc855c1eb6007c209f5a97fadfd0ecec9258e5ec2ae8e93d
SHA512

8e3e6ed8dc2ac305dcaec961a376c7a8cf6e043785c6769b6106938b377efc8f44cbc92d6232b6b4c9fa945a7a5f54c5d02dbc059fc76169f3de42f528630fdf
SSDEEP

1536:52AQ7TJ9wRlBc5XgYhObNfXxhShmBzVeFUuM:FQAUg0ItbSqoFUuM

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4640	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE
4640	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\fac014011c07df89dc855c1eb6007c209f5a97fadfd0ecec9258e5ec2ae8e93d.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
dd83054ef217a091bfe66473ba3d20e1

SHA1
d593266c9b19ef1f345c107092410d22aca79b30

SHA256
dec2f07601bb7a091f77cc3a07a3e1598f95565ce2092c411aed169a789e0bd8

SHA512
641f5194a4a11a6e034519a352c0a378d043fcce61bdba9b949b21d82de64adf4c2a8952af3e202d6920dc3a2bd2422110d989f56af43472f5a133a11ac748b7

Download Submit
memory/4640-8-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-11-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-2-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-4-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-6-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-1-0x00007FFA3332D000-0x00007FFA3332E000-memory.dmp

Filesize
4KB

Download
memory/4640-10-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-5-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-7-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-9-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-3-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-13-0x00007FF9F0AA0000-0x00007FF9F0AB0000-memory.dmp

Filesize
64KB

Download
memory/4640-12-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-14-0x00007FF9F0AA0000-0x00007FF9F0AB0000-memory.dmp

Filesize
64KB

Download
memory/4640-26-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-27-0x00007FFA3332D000-0x00007FFA3332E000-memory.dmp

Filesize
4KB

Download
memory/4640-28-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download
memory/4640-0-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-51-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-52-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-54-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-53-0x00007FF9F3310000-0x00007FF9F3320000-memory.dmp

Filesize
64KB

Download
memory/4640-55-0x00007FFA33290000-0x00007FFA33485000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads