a3678a0eaeee8b0ebcd9a3b814f5c7a655017c7318de96c356740a70850646a2

Analysis

max time kernel
46s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 21:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a3678a0eaeee8b0ebcd9a3b814f5c7a655017c7318de96c356740a70850646a2.xlsm
Size

92KB
MD5

f75eb0b4a3d42fada6d9231e135b87cf
SHA1

d4663a9efb619e77f2048661b3b1b17ff26592a8
SHA256

a3678a0eaeee8b0ebcd9a3b814f5c7a655017c7318de96c356740a70850646a2
SHA512

4a6e79eb035fd3d908008277e6e227eed3d2884b0051d91d9314f6060c0d27ed88f4d82eb7fe0565c1e0c1a26602a7c9dc94421dfe79d47e09ca637e1429f541
SSDEEP

1536:CguZCa6S5khUIOpB5c4+4znOSjhLqxMUH9Ga/M1NIpPkUlB7583fjncFYIIwiFFO:Cgugapkhlc2aPjpqxvD/Ms8ULavLc2O

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
640	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE
640	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\a3678a0eaeee8b0ebcd9a3b814f5c7a655017c7318de96c356740a70850646a2.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
1aff12b813c3990c631038af7f9afbbc

SHA1
d4bb6ff9c6e97104411acc5a75f143c96304580c

SHA256
e34baf6cc835d1a1e1220d796d62cdeef70c6997c9a4cf375581963927100cd1

SHA512
b918dcdd78d914c1bca3c9b209384efb2fb6fc667a8e9c5cd352e7506855e3330b43edc5ab7bfb512b9eb5c04629630b1d49b0d7049a4c019d22718935099069

Download Submit
memory/640-14-0x00007FFB63EB0000-0x00007FFB63EC0000-memory.dmp

Filesize
64KB

Download
memory/640-9-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-1-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/640-2-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/640-5-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-11-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-10-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-13-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-4-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/640-12-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-0-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/640-15-0x00007FFB63EB0000-0x00007FFB63EC0000-memory.dmp

Filesize
64KB

Download
memory/640-8-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-7-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-6-0x00007FFB66270000-0x00007FFB66280000-memory.dmp

Filesize
64KB

Download
memory/640-80-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-147-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-151-0x00007FFBA61F0000-0x00007FFBA63E5000-memory.dmp

Filesize
2.0MB

Download
memory/640-3-0x00007FFBA628D000-0x00007FFBA628E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads