72a7b8fe4b8401120124e8f9460bfd457fbf76b70a0c057b58ff271c5b2aadca

Resubmissions

14-10-2024 12:50

241014-p2y52swdmh 10

14-10-2024 12:48

241014-p11mgs1ajn 3

14-10-2024 12:42

241014-pxkrvswbpf 3

Analysis

max time kernel
21s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AvastSvcZEg/AvastSvc.exe
Size

60KB
MD5

a72036f635cecf0dcb1e9c6f49a8fa5b
SHA1

049813b955db1dd90952657ae2bd34250153563e
SHA256

85ca20eeec3400c68a62639a01928a5dab824d2eadf589e5cbfe5a2bc41d9654
SHA512

e3582e0969361d272c2469ce139ec809b9b0ac98fbc5eb5bb287442aed4c6ba69ed8175b68970751c93730cfaf07b75c3bc5e4e24aeda8f984b24f33bb8e3da2
SSDEEP

768:Q/WQ3/TymxfsHYPry0bgYh3LKgMoCDGFh9D:Q+QvT7xUHYPDbgYVLWofD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4068	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE
4068	EXCEL.EXE

C:\Windows\system32\cmd.exe
cmd /c /q C:\Users\Admin\AppData\Local\Temp\AvastSvcZEg\AvastSvc.exe 567 51
1⤵
PID:4160

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SelectExpand.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
243B

MD5
40c4be81c85f71e0712b9683c51c3ea9

SHA1
c0d160a443029583ebbdc165e55640f12adf102e

SHA256
6d66d161710241400f3d70cf5c648a7787cd461f51262ac7e9257e6bc828f6a8

SHA512
ca0d2f4f2242ebcce329e011dcaf58c9f7ad15d2f8130f130b3653a881620a69f31be61e72dce25c10b197af9aaf05e5d2af9f686b50350510bcf05d74fafb48

Download Submit
memory/4068-6-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-57-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-2-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-8-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-7-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-4-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-10-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-11-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-12-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-9-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-58-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-3-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-18-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-16-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-5-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-17-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-15-0x00007FF819DD0000-0x00007FF819FC5000-memory.dmp

Filesize
2.0MB

Download
memory/4068-14-0x00007FF7D7BF0000-0x00007FF7D7C00000-memory.dmp

Filesize
64KB

Download
memory/4068-0-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-54-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-56-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-1-0x00007FF819E6D000-0x00007FF819E6E000-memory.dmp

Filesize
4KB

Download
memory/4068-55-0x00007FF7D9E50000-0x00007FF7D9E60000-memory.dmp

Filesize
64KB

Download
memory/4068-13-0x00007FF7D7BF0000-0x00007FF7D7C00000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads