3167c1a336f682cdc9da8b24b5f0a946ad2b6f1c1a816e38212211f9b40e22ce

Analysis

max time kernel
47s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3167c1a336f682cdc9da8b24b5f0a946ad2b6f1c1a816e38212211f9b40e22ce.xlsm
Size

92KB
MD5

833d77c3b201cf955a64411d73b2d38e
SHA1

390680ce8b4b9fb37b77d8559d2352e5177b46ee
SHA256

3167c1a336f682cdc9da8b24b5f0a946ad2b6f1c1a816e38212211f9b40e22ce
SHA512

2c17a01a25a19d6a5a353cff4863c528b26e506ba578e9ef2c3551d6e9427f42523dc6b435853ec7cf73c8e695dd418072c48184e38fa8d707cc93dd95b5d971
SSDEEP

1536:CguZCa6S5khUIcQ+k/Ly5rjJaYVSjakcKGGa/M1NIpPkUlB7583fjncFYIICFO:CgugapkhlcQ3+582kcD/Ms8ULavLce

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3512	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE
3512	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3167c1a336f682cdc9da8b24b5f0a946ad2b6f1c1a816e38212211f9b40e22ce.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
f0b8bc64fc2da74407fd62a734482f57

SHA1
6933e4c8099ed9d5d63dbf889402b6e73de96a64

SHA256
2e045c78e31f27ec0384c9f5e005dbd3400ce91660f34759541dff7574956935

SHA512
e84f51a5181b727252e6004be7a3f5465654126d2334d3cda9555ae7571e3353b2ab3f6dbb6ac06deaaed00a07b69fe5d82f554ba22d29a0ec29ce557510f0e3

Download Submit
memory/3512-11-0x00007FFBEC1B0000-0x00007FFBEC1C0000-memory.dmp

Filesize
64KB

Download
memory/3512-8-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-5-0x00007FFBEE4B0000-0x00007FFBEE4C0000-memory.dmp

Filesize
64KB

Download
memory/3512-1-0x00007FFBEE4B0000-0x00007FFBEE4C0000-memory.dmp

Filesize
64KB

Download
memory/3512-0-0x00007FFC2E4CD000-0x00007FFC2E4CE000-memory.dmp

Filesize
4KB

Download
memory/3512-7-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-3-0x00007FFBEE4B0000-0x00007FFBEE4C0000-memory.dmp

Filesize
64KB

Download
memory/3512-10-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-9-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-6-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-4-0x00007FFBEE4B0000-0x00007FFBEE4C0000-memory.dmp

Filesize
64KB

Download
memory/3512-12-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-13-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-15-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-17-0x00007FFBEC1B0000-0x00007FFBEC1C0000-memory.dmp

Filesize
64KB

Download
memory/3512-16-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-14-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-68-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-149-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-150-0x00007FFC2E4CD000-0x00007FFC2E4CE000-memory.dmp

Filesize
4KB

Download
memory/3512-151-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-152-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-156-0x00007FFC2E430000-0x00007FFC2E625000-memory.dmp

Filesize
2.0MB

Download
memory/3512-2-0x00007FFBEE4B0000-0x00007FFBEE4C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads