Analysis
max time kernel: 46s
max time network: 36s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-09-2024 21:02
Behavioral task
behavioral1
Sample
b17678c9d22eaecef3a090ddc977851794d980b0d1f1692fcee1495ebef835fe.xlsm
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b17678c9d22eaecef3a090ddc977851794d980b0d1f1692fcee1495ebef835fe.xlsm
Resource
win10v2004-20240802-en
General
Target: b17678c9d22eaecef3a090ddc977851794d980b0d1f1692fcee1495ebef835fe.xlsm
Size: 92KB
MD5: 329833137d90521302de60e5a258650d
SHA1: 2e499f41aa95656d841329b82ab7a92341a60103
SHA256: b17678c9d22eaecef3a090ddc977851794d980b0d1f1692fcee1495ebef835fe
SHA512: 3fb55a28b4924081cc84bd7fd25eea881c22cfa2f5d980d4e8bebb8f4f4cb314bb0d03ab11e1f13639d8dd4f4318d732bc5accd0932cdc0e4ef230a806cb103a
SSDEEP: 1536:CguZCa6S5khUIR2IzEN4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIbFq:CgugapkhlR2taPjpM+d/Ms8ULavLcb
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                                    Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0                       EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz                  EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   EXCEL.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                 Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU        EXCEL.EXE
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                  EXCEL.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily     EXCEL.EXE
- Suspicious behavior: AddClipboardFormatListener (1 IoCs)
  pid   Process
  1444  EXCEL.EXE
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid   Process
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
  1444  EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\b17678c9d22eaecef3a090ddc977851794d980b0d1f1692fcee1495ebef835fe.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1444
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize: 3KB
MD5: 2c4ab997db0293c9b794be2b15267575
SHA1: 3d320c650ac2127a279b354122e73b529af61992
SHA256: 3cb88857131406ab9bb062f9becf373e2b9c7b5584759ebea6af29f28a7e0991
SHA512: b1c4b41aa7414c9e05124a95074df63424eb93dcc1ee00cef443271999525299f853375a5414fb252b4f4fb5018b7941d18c67c1210d6c5bae4b6be88b3a6fb7