ac3ef8f7a1c733cd85c171c028ca70e3a9b989bfe0eb8f0d56fbfa1abf996d09

Analysis

max time kernel
46s
max time network
33s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2024, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac3ef8f7a1c733cd85c171c028ca70e3a9b989bfe0eb8f0d56fbfa1abf996d09.xlsm
Size

92KB
MD5

80801c42a9c249e12a970292a6cd7fc1
SHA1

4f4305ebfd396edad26ad6fb8e211e4597b7f025
SHA256

ac3ef8f7a1c733cd85c171c028ca70e3a9b989bfe0eb8f0d56fbfa1abf996d09
SHA512

75274b391182175bb5544be88ca47e4917486df79b07271e6085ed171e34c851a082dab01724b2f0bd3fab784ef1a812d61de96bc6071ba3a86399db726c48d0
SSDEEP

1536:CguZCa6S5khUIMZh4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYII9ZF/:CgugapkhlEhaPjpM+d/Ms8ULavLc4n

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
648	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE
648	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\ac3ef8f7a1c733cd85c171c028ca70e3a9b989bfe0eb8f0d56fbfa1abf996d09.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
8841898e0fc021db24d7149ea2b4f660

SHA1
4fdfd6149e3d4216e001c7216c1a657d142647c4

SHA256
b0cf174490e013cdaa2076086b8d10f6ff4a5ae7df65458556ef145484ddd681

SHA512
6dbf9a8ef871344a900edb34163edeb84978d64dff58416ed2223daeb1f761c623e8968399762918cf25431a45b8aae94b340859f77c22d018da0e2a0279fcf9

Download Submit
memory/648-19-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-8-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-2-0x00007FFCDB270000-0x00007FFCDB280000-memory.dmp

Filesize
64KB

Download
memory/648-4-0x00007FFCDB270000-0x00007FFCDB280000-memory.dmp

Filesize
64KB

Download
memory/648-10-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-11-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-12-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-9-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-15-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-14-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-16-0x00007FFCD9210000-0x00007FFCD9220000-memory.dmp

Filesize
64KB

Download
memory/648-17-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-18-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-1-0x00007FFD1B28D000-0x00007FFD1B28E000-memory.dmp

Filesize
4KB

Download
memory/648-3-0x00007FFCDB270000-0x00007FFCDB280000-memory.dmp

Filesize
64KB

Download
memory/648-21-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-22-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-20-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-13-0x00007FFCD9210000-0x00007FFCD9220000-memory.dmp

Filesize
64KB

Download
memory/648-23-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-7-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-6-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-5-0x00007FFCDB270000-0x00007FFCDB280000-memory.dmp

Filesize
64KB

Download
memory/648-74-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-152-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-153-0x00007FFD1B28D000-0x00007FFD1B28E000-memory.dmp

Filesize
4KB

Download
memory/648-154-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-155-0x00007FFD1B1F0000-0x00007FFD1B3E5000-memory.dmp

Filesize
2.0MB

Download
memory/648-0-0x00007FFCDB270000-0x00007FFCDB280000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads