4903a93b1a6d8ee65dbe3814f910f9c8b71849b793e5af602452973ed54c8530

Analysis

max time kernel
46s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4903a93b1a6d8ee65dbe3814f910f9c8b71849b793e5af602452973ed54c8530.xlsm
Size

92KB
MD5

ffcd408534fbcf6f8b801d25d1594473
SHA1

dcc25e0d05a82582db359310336990d208a8d754
SHA256

4903a93b1a6d8ee65dbe3814f910f9c8b71849b793e5af602452973ed54c8530
SHA512

14777af6163a11f54a51584e871199635ea250c9f408e10ec439e02887a913553361aa7663ed1016ac44783c425f4d437c829992a129d690e144841bcd01349b
SSDEEP

1536:CguZCa6S5khUIlgM6oY4Rq94znOSjhLqxMUH9Ga/M1NIpPkUlB7583fjncFYIICL:CgugapkhllpI4E9aPjpqxvD/Ms8ULav+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1428	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE
1428	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4903a93b1a6d8ee65dbe3814f910f9c8b71849b793e5af602452973ed54c8530.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
d3e4e85fba881166b2b4a1b55589d301

SHA1
8f0f7096f4b2e2ccd56327eeb4976bd2733c983f

SHA256
cbd99e7e91b3abc15524c6b9b08f60b69eebe1e044977eb7dedf13492edb9965

SHA512
239431ecb74458c846c540c15f01102b80b61c23beb114662563f33ebf06faedcd0c7ccdb3af7b4cc281968f0d2ac8f8eb72458695ac1975ae9cbf40dd5fec44

Download Submit
memory/1428-8-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-11-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-3-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

Filesize
64KB

Download
memory/1428-6-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-7-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

Filesize
64KB

Download
memory/1428-5-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-4-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

Filesize
64KB

Download
memory/1428-13-0x00007FFD92F00000-0x00007FFD92F10000-memory.dmp

Filesize
64KB

Download
memory/1428-2-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

Filesize
64KB

Download
memory/1428-10-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-0-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

Filesize
64KB

Download
memory/1428-9-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-12-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-14-0x00007FFD92F00000-0x00007FFD92F10000-memory.dmp

Filesize
64KB

Download
memory/1428-60-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-75-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-147-0x00007FFDD548D000-0x00007FFDD548E000-memory.dmp

Filesize
4KB

Download
memory/1428-148-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-149-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-150-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-151-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-152-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

Filesize
2.0MB

Download
memory/1428-1-0x00007FFDD548D000-0x00007FFDD548E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads