d644f5993c6ac824b6c38d2fea8dcd75dc9ec6dfd6f517e08b7f71feaa4c1acf

Analysis

max time kernel
46s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d644f5993c6ac824b6c38d2fea8dcd75dc9ec6dfd6f517e08b7f71feaa4c1acf.xlsm
Size

92KB
MD5

464ba88d28d5125b55f62d48cf2c93c0
SHA1

13b48acea1f9f5bba98f97e66008207a7500e660
SHA256

d644f5993c6ac824b6c38d2fea8dcd75dc9ec6dfd6f517e08b7f71feaa4c1acf
SHA512

6c827cb738c5bc6675488fe9f662e45535215bcc62797e01d9e36d41d7c81e80397d0dddbba4f85fe50e9c0f543157a4ad8d90d63694450e77f3311d0326d56f
SSDEEP

1536:CguZCa6S5khUIq8DIlzz924znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIXeFe:CgugapkhlJDSz8aPjpM+d/Ms8ULavLci

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3424	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE
3424	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\d644f5993c6ac824b6c38d2fea8dcd75dc9ec6dfd6f517e08b7f71feaa4c1acf.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S68Q8CZENZNUUZ1AXRQ5.temp

Filesize
1KB

MD5
1e923a2d5607635ff49bc8b1f538526a

SHA1
376b9f0f54f72352e72c704919363decd828d9a8

SHA256
46a065731985676b32a75e66511c721ecf0dc00236d1b260d3186826324e3933

SHA512
e10660c4dca28e6bc7716715501219e0424824743f918bbab0de2a60bd037f5fbdb14b7fdc4401e3e738b9dce57026e3ccea0138f971bab02c3a5da41b520009

Download Submit
memory/3424-7-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-12-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-3-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/3424-2-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/3424-10-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-11-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-13-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-6-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/3424-0-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/3424-9-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-4-0x00007FF822610000-0x00007FF822620000-memory.dmp

Filesize
64KB

Download
memory/3424-8-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-14-0x00007FF8202B0000-0x00007FF8202C0000-memory.dmp

Filesize
64KB

Download
memory/3424-5-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-15-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-19-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-18-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-17-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-16-0x00007FF8202B0000-0x00007FF8202C0000-memory.dmp

Filesize
64KB

Download
memory/3424-150-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-151-0x00007FF86262D000-0x00007FF86262E000-memory.dmp

Filesize
4KB

Download
memory/3424-152-0x00007FF862590000-0x00007FF862785000-memory.dmp

Filesize
2.0MB

Download
memory/3424-1-0x00007FF86262D000-0x00007FF86262E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads