72b0b09f6114190a5cc8e628a2bc581081d83489b02ad2e7c7e5cf6fbce7d2b2

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72b0b09f6114190a5cc8e628a2bc581081d83489b02ad2e7c7e5cf6fbce7d2b2.xls
Size

66KB
MD5

6054b5d65c7124cb7a2c43de68776e32
SHA1

8c386a9bec4fd0a2638e98a3c1a838133456e773
SHA256

72b0b09f6114190a5cc8e628a2bc581081d83489b02ad2e7c7e5cf6fbce7d2b2
SHA512

cc61296d6715244cb6de109163eed43cbd2402b472fb6e9a8d3463a9d0f2cf0050d4c51080895e04964c57c98090d2e13f14eeb0788cf065d79e264b9e504f28
SSDEEP

768:IstjD1b+scl1ENa6A80+b/tpvOGbXbJyrPK3ANY:p1bpclK3/bvxbXw7MAN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5040	EXCEL.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
5040	EXCEL.EXE
5040	EXCEL.EXE
5040	EXCEL.EXE
5040	EXCEL.EXE
5040	EXCEL.EXE
5040	EXCEL.EXE
5040	EXCEL.EXE
5040	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\72b0b09f6114190a5cc8e628a2bc581081d83489b02ad2e7c7e5cf6fbce7d2b2.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
07836d127a270831b388ed40060975c5

SHA1
d65b3a018a7e0053db18150dbb4e3dc71c2e2a6b

SHA256
657ea90b63dd5c649fa7f5b0c96e211b1cd457028e0ae521ddfacbf90a90aad3

SHA512
b824ec6d32a4754cead996b50fef7d842c4ed5bd896cd4a7f677f1d4856fbdf5d68a0be6fd09c5d7b7837604a4361151b00289828e25cde249fabe18e9eae616

Download Submit
memory/5040-22-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-3-0x00007FFD8D390000-0x00007FFD8D3A0000-memory.dmp

Filesize
64KB

Download
memory/5040-14-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-4-0x00007FFD8D390000-0x00007FFD8D3A0000-memory.dmp

Filesize
64KB

Download
memory/5040-10-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-11-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-9-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-13-0x00007FFD8AD50000-0x00007FFD8AD60000-memory.dmp

Filesize
64KB

Download
memory/5040-12-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-8-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-16-0x00007FFD8AD50000-0x00007FFD8AD60000-memory.dmp

Filesize
64KB

Download
memory/5040-15-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-2-0x00007FFD8D390000-0x00007FFD8D3A0000-memory.dmp

Filesize
64KB

Download
memory/5040-1-0x00007FFD8D390000-0x00007FFD8D3A0000-memory.dmp

Filesize
64KB

Download
memory/5040-5-0x00007FFD8D390000-0x00007FFD8D3A0000-memory.dmp

Filesize
64KB

Download
memory/5040-20-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-19-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-18-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-17-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-7-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-6-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-21-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-32-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-33-0x00007FFDCD3AD000-0x00007FFDCD3AE000-memory.dmp

Filesize
4KB

Download
memory/5040-34-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-35-0x00007FFDCD310000-0x00007FFDCD505000-memory.dmp

Filesize
2.0MB

Download
memory/5040-0-0x00007FFDCD3AD000-0x00007FFDCD3AE000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads