b33d9e331c5b5e6a463d3be8b0456156459983fa4889009e9ba23e355f8548e5

Analysis

max time kernel
133s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Quotation Sample_398893.xlsx
Size

1.0MB
MD5

1fa0c01f5ce39c3040b272cc0178b526
SHA1

7dcc0072cda211e5af3e025335398691736f7c7d
SHA256

b33d9e331c5b5e6a463d3be8b0456156459983fa4889009e9ba23e355f8548e5
SHA512

2c686ad61500d70ebeeddc04b26bcb6301877960c2dd03fcc4f82dc8344607ee04b33cf06ab9e63e160393a407a5385991cac5ccbfe5d35b6535705bb075bc49
SSDEEP

24576:DsP8ORmk0aZyMRIithugFmoXo0Jf4rkL7cd1AQIRL:DW8ORlZdthugFD4rPLA9

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1244	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE
1244	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Quotation Sample_398893.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
3fceb15e6d9a29680f0d373bafe92f28

SHA1
00bee859445c0bb41b716d0f697418a7dc0c444c

SHA256
2d71c2ef43b197afce85d9769c7631a77243e7cd878e3b37e76344129b87dcab

SHA512
8793ff61811c9e9f64bc17f16c7534580511d442ad849579bd16010df47721b86a7073a93e04e0c40a3a0909e96879d461fc31bfcf67ccde1d2833b861202f68

Download Submit
memory/1244-10-0x00007FF90B350000-0x00007FF90B360000-memory.dmp

Filesize
64KB

Download
memory/1244-24-0x00007FF94DA8D000-0x00007FF94DA8E000-memory.dmp

Filesize
4KB

Download
memory/1244-2-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/1244-5-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-6-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-7-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/1244-4-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/1244-11-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-1-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/1244-3-0x00007FF90DA70000-0x00007FF90DA80000-memory.dmp

Filesize
64KB

Download
memory/1244-9-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-13-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-12-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-14-0x00007FF90B350000-0x00007FF90B360000-memory.dmp

Filesize
64KB

Download
memory/1244-15-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-16-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-23-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-0-0x00007FF94DA8D000-0x00007FF94DA8E000-memory.dmp

Filesize
4KB

Download
memory/1244-25-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download
memory/1244-8-0x00007FF94D9F0000-0x00007FF94DBE5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads