559efbba325080aa3177b41ac0fb1daba2543721885756efd5f3a6f287b503e1

Analysis

max time kernel
101s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9.24.24/Lapsed_as of 9.23.24.xls
Size

28KB
MD5

4e8a987fecfa0c8fc2915b2816566ebd
SHA1

b176da02be420614c6d212f6742da8b4bddb1629
SHA256

0e26453d1917c0442a6cdb1f246c3c6c734a3635bbcea3c3298479e9640c5e84
SHA512

926ddd9ecc4714d1eacbdd66de9f2bff41855861c2de75b9108322a0c105ddd865f147f1a0a3ed33c3773bb8246020e9ce126c691f161bcfd96f5329a1ebf486
SSDEEP

768:aPSFsv66g3KnF439NKC54kkGfn+cL2XdEOMwGjrhS:oSFsv66g3KnF439NKC54kkGfn+cL2Xdp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2140	EXCEL.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2140	EXCEL.EXE
2140	EXCEL.EXE
2140	EXCEL.EXE

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\9.24.24\Lapsed_as of 9.23.24.xls"
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2140-1-0x00000000720DD000-0x00000000720E8000-memory.dmp

Filesize
44KB

Download
memory/2140-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2140-2-0x00000000720DD000-0x00000000720E8000-memory.dmp

Filesize
44KB

Download
memory/2140-3-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2140-4-0x00000000720DD000-0x00000000720E8000-memory.dmp

Filesize
44KB

Download