088b9bcf49b2a7e6550cd861266eda50941f892c691a248d353c885a29aaa433

Analysis

max time kernel
137s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3792408618099db73b654704b12c9520d3267c37e50bf9718c2877ec2e65133f.xls
Size

126KB
MD5

a213aa183eb3b0a18b042b197ab86d09
SHA1

bd436b7b38d939c41f88332266e8828374297a70
SHA256

3792408618099db73b654704b12c9520d3267c37e50bf9718c2877ec2e65133f
SHA512

1ab8b5daf1e1a5e94b6ee89f8bdc05d3a30770d580c589cfd78a8456dec2c674b921f336609c0bc52b733f0079369294018b617ad67ec9b07b52c1080c210160
SSDEEP

3072:JCZ+RwPONXoRjDhIcp0fDlaGGx+cLYWxbZZD6tu4vsu:wZ+RwPONXoRjDhIcp0fDlavx+WYWxt9Y

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1296	EXCEL.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1296	EXCEL.EXE
1296	EXCEL.EXE
1296	EXCEL.EXE
1296	EXCEL.EXE
1296	EXCEL.EXE
1296	EXCEL.EXE
1296	EXCEL.EXE
1296	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3792408618099db73b654704b12c9520d3267c37e50bf9718c2877ec2e65133f.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
a0c5e2f2ebee2c061fc356ba41cc00bd

SHA1
2e0090d1e8ef34aac7662d7cb283c4c3aa916ead

SHA256
be20487644d242d490eab4ce9a2d3dca9c2c9c90b801dfa35ec95f65c37dd56e

SHA512
d002cd9d1b6298b406ff1cd29812af849cc2fd7442dbe64a3125319bc646b8db87f0547aabccac98945d508124fdf81cbac8dc12cf7bc5ed5aa2fb181befddda

Download Submit
memory/1296-19-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-34-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-3-0x00007FFF241D0000-0x00007FFF241E0000-memory.dmp

Filesize
64KB

Download
memory/1296-6-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-5-0x00007FFF241D0000-0x00007FFF241E0000-memory.dmp

Filesize
64KB

Download
memory/1296-4-0x00007FFF241D0000-0x00007FFF241E0000-memory.dmp

Filesize
64KB

Download
memory/1296-8-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-9-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-12-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-14-0x00007FFF21870000-0x00007FFF21880000-memory.dmp

Filesize
64KB

Download
memory/1296-13-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-18-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-2-0x00007FFF241D0000-0x00007FFF241E0000-memory.dmp

Filesize
64KB

Download
memory/1296-17-0x00007FFF21870000-0x00007FFF21880000-memory.dmp

Filesize
64KB

Download
memory/1296-11-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-22-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-21-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-20-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-16-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-15-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-10-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-7-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-32-0x00007FFF641ED000-0x00007FFF641EE000-memory.dmp

Filesize
4KB

Download
memory/1296-33-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-1-0x00007FFF241D0000-0x00007FFF241E0000-memory.dmp

Filesize
64KB

Download
memory/1296-35-0x00007FFF64150000-0x00007FFF64345000-memory.dmp

Filesize
2.0MB

Download
memory/1296-0-0x00007FFF641ED000-0x00007FFF641EE000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads