a62f04bd712406133ee85038700bc2f9e71f18bff738347feba90fcc42e59976

Analysis

max time kernel
46s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 21:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a62f04bd712406133ee85038700bc2f9e71f18bff738347feba90fcc42e59976.xlsm
Size

92KB
MD5

1b2e1aaaeb6150a77145de383e7953d9
SHA1

4f1f7c95e3c8ec019b0e73d0f566477f7076300c
SHA256

a62f04bd712406133ee85038700bc2f9e71f18bff738347feba90fcc42e59976
SHA512

4f20917d4ad28644da75db34d610672caf67eff78e2755cfa338ff30750a9f8b3db1cd3c6f0e5f0b19705c8f3096a5c5cf6189c003600d8346313a6ce0494bca
SSDEEP

1536:CguZCa6S5khUIeWL/bJC/4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIpF1:CgugapkhleWztC/aPjpM+d/Ms8ULavL9

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4472	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE
4472	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\a62f04bd712406133ee85038700bc2f9e71f18bff738347feba90fcc42e59976.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
7e30e136c27992a107f60e08695ece5c

SHA1
6dd23eaf2c3bb9f8602250c03788fe6b1f24dfd8

SHA256
c04b16088b91ef547f9891abd95acfbbdf4e33c7841ef3ea173a403bfd5f837b

SHA512
d0388b539304e0dba95e7e08420f8feda01f0794ddf7161148539cf3a4e1add7588291d352c2d5efbb47acbc645120b437ea5ba9091917c505b2f2f5413d28a3

Download Submit
memory/4472-10-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-12-0x00007FFCA92F0000-0x00007FFCA9300000-memory.dmp

Filesize
64KB

Download
memory/4472-2-0x00007FFCABA50000-0x00007FFCABA60000-memory.dmp

Filesize
64KB

Download
memory/4472-4-0x00007FFCABA50000-0x00007FFCABA60000-memory.dmp

Filesize
64KB

Download
memory/4472-5-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-6-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-7-0x00007FFCABA50000-0x00007FFCABA60000-memory.dmp

Filesize
64KB

Download
memory/4472-8-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-11-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-13-0x00007FFCA92F0000-0x00007FFCA9300000-memory.dmp

Filesize
64KB

Download
memory/4472-3-0x00007FFCABA50000-0x00007FFCABA60000-memory.dmp

Filesize
64KB

Download
memory/4472-9-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-1-0x00007FFCABA50000-0x00007FFCABA60000-memory.dmp

Filesize
64KB

Download
memory/4472-76-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-124-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-146-0x00007FFCEBA6D000-0x00007FFCEBA6E000-memory.dmp

Filesize
4KB

Download
memory/4472-147-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-148-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-149-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-153-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-154-0x00007FFCEB9D0000-0x00007FFCEBBC5000-memory.dmp

Filesize
2.0MB

Download
memory/4472-0-0x00007FFCEBA6D000-0x00007FFCEBA6E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads