8277300c3d809c4afa9996d8f7586c9e293a8256bb8d8a4bb3a4dd21e175391a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2024 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

920f96788d41ba9a43556dfd4cbc1ba9b452dffce5a5b962107d3ffdcd5c7fed.xlsm
Size

13KB
MD5

90b0b5a51f143a5bd4efe22d767dcf1a
SHA1

1342cb0a36ac8371a9646dbcf9c3b47234002a7e
SHA256

920f96788d41ba9a43556dfd4cbc1ba9b452dffce5a5b962107d3ffdcd5c7fed
SHA512

2200dde2efa608ae89b74c4d041e2e1e44b7f29458d800849655d6670ceb6326a382c497548fcc0fec7613d8c893f306871fbf6b7090bfb4218f8a2590a0f47a
SSDEEP

192:H7UpMcgX6lPfrXpS0hDWOVelKCxxWBWb49hugLIJnHsrbgMS1bTk:H7+McQ6ZTp5WOCKCxoBWmLoabgm

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1900	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE
1900	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\920f96788d41ba9a43556dfd4cbc1ba9b452dffce5a5b962107d3ffdcd5c7fed.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
8049823dfa3b913c9ccd96554ca20031

SHA1
9bc98d75b969ce933030d891fbc64c70c9bdd5ef

SHA256
49ce256bf5b1413fe3b5280e768a2fbcceec298b5f5b478019832af925dbae39

SHA512
d6065089710fa12ffc7fab5aa8545e198aed069bc7f6a6191ab910c04cb044b51179f49f44a928b2fd07dfb51656629025d25dab6a95d52b4ede61fe15a4feed

Download Submit
memory/1900-12-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-6-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-10-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-13-0x00007FF8DD340000-0x00007FF8DD350000-memory.dmp

Filesize
64KB

Download
memory/1900-11-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-4-0x00007FF8DFB90000-0x00007FF8DFBA0000-memory.dmp

Filesize
64KB

Download
memory/1900-9-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-8-0x00007FF8DFB90000-0x00007FF8DFBA0000-memory.dmp

Filesize
64KB

Download
memory/1900-7-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-1-0x00007FF8DFB90000-0x00007FF8DFBA0000-memory.dmp

Filesize
64KB

Download
memory/1900-3-0x00007FF8DFB90000-0x00007FF8DFBA0000-memory.dmp

Filesize
64KB

Download
memory/1900-2-0x00007FF8DFB90000-0x00007FF8DFBA0000-memory.dmp

Filesize
64KB

Download
memory/1900-5-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-14-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-15-0x00007FF8DD340000-0x00007FF8DD350000-memory.dmp

Filesize
64KB

Download
memory/1900-25-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-26-0x00007FF91FBAD000-0x00007FF91FBAE000-memory.dmp

Filesize
4KB

Download
memory/1900-27-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-0-0x00007FF91FBAD000-0x00007FF91FBAE000-memory.dmp

Filesize
4KB

Download
memory/1900-44-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download
memory/1900-45-0x00007FF91FB10000-0x00007FF91FD05000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads