f468de85a99d2da2099ad3f5afcbf992224dca6d6847b3b617ca1db8cb66d6b1

Analysis

max time kernel
46s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f468de85a99d2da2099ad3f5afcbf992224dca6d6847b3b617ca1db8cb66d6b1.xlsm
Size

91KB
MD5

5c6f3fc747b5e1576a2e7395cba559b1
SHA1

5ae716d4d2b6ac20a7d29f31d791cdd35d3c57f1
SHA256

f468de85a99d2da2099ad3f5afcbf992224dca6d6847b3b617ca1db8cb66d6b1
SHA512

09b5b716ec1e3153c7fa16eddb1a40f81944ad9e211b15651db356e8a12c0d80e4d2b39e042363d106d7abcac9ba129163bb51bb271127227b7e44994f2f810d
SSDEEP

1536:CguZCa6S5khUIXhyQVkG8v4znOSjhL97kGa/M1NIpPkUlB7583fjncFYIITQFb:CgugapkhlXhyQOGsaPjpE/Ms8ULavLc1

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2512	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE
2512	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\f468de85a99d2da2099ad3f5afcbf992224dca6d6847b3b617ca1db8cb66d6b1.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
881f1dababcafdbb66e66c62368fd76c

SHA1
f93b392fc986f317def462170291fb5b8293a066

SHA256
6a21db2760cbb51614352b2e09aab97b711294dff7c894cc9439151a6f666f49

SHA512
f87a8278b6fdd68606ca829eb1687e1c76418c26c0faf71173af68159b3c0466fe51f0d336df37737ad16a0e15f33b9ad910e7c0564392f06294f1d72e6dc8dd

Download Submit
memory/2512-9-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-6-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-8-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-4-0x00007FF8D8730000-0x00007FF8D8740000-memory.dmp

Filesize
64KB

Download
memory/2512-16-0x00007FF8D64F0000-0x00007FF8D6500000-memory.dmp

Filesize
64KB

Download
memory/2512-5-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-10-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-15-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-12-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-14-0x00007FF8D64F0000-0x00007FF8D6500000-memory.dmp

Filesize
64KB

Download
memory/2512-11-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-2-0x00007FF8D8730000-0x00007FF8D8740000-memory.dmp

Filesize
64KB

Download
memory/2512-1-0x00007FF8D8730000-0x00007FF8D8740000-memory.dmp

Filesize
64KB

Download
memory/2512-0-0x00007FF91874D000-0x00007FF91874E000-memory.dmp

Filesize
4KB

Download
memory/2512-13-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-7-0x00007FF8D8730000-0x00007FF8D8740000-memory.dmp

Filesize
64KB

Download
memory/2512-17-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-18-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-68-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-152-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-153-0x00007FF91874D000-0x00007FF91874E000-memory.dmp

Filesize
4KB

Download
memory/2512-154-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-155-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-156-0x00007FF9186B0000-0x00007FF9188A5000-memory.dmp

Filesize
2.0MB

Download
memory/2512-3-0x00007FF8D8730000-0x00007FF8D8740000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads