Analysis
- max time kernel: 46s
- max time network: 34s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2024, 21:58
Behavioral task
behavioral1
Sample
3810e9d695849560d103b0e0f8b145c1f5bc18faccbeaece1c523ac4333ab716.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3810e9d695849560d103b0e0f8b145c1f5bc18faccbeaece1c523ac4333ab716.xlsm
Resource
win10v2004-20241007-en
General
- Target: 3810e9d695849560d103b0e0f8b145c1f5bc18faccbeaece1c523ac4333ab716.xlsm
- Size: 92KB
- MD5: 89b6db0d028adb2f63886e479d4ebc73
- SHA1: cbab26e6d09daeb0a1476bcf9384202e26858369
- SHA256: 3810e9d695849560d103b0e0f8b145c1f5bc18faccbeaece1c523ac4333ab716
- SHA512: 52211d424ffddc3e1b605e015ef9923579b6efd5e2d24fa17d960ce985c063beafee180c625011b5f44506679fdbbb7564feaeb26530db36c36f4e2544388c2b
- SSDEEP: 1536:CguZCa6S5khUIfqtVMutfecc4znOSjhLqxMUH9Ga/M1NIpPkUlB7583fjncFYIIx:CgugapkhlfqHMutZcaPjpqxvD/Ms8ULw
Malware Config
Signatures
-
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
2868 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
2868 | EXCEL.EXE (row listed 12 times)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\3810e9d695849560d103b0e0f8b145c1f5bc18faccbeaece1c523ac4333ab716.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID: 2868
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize: 1KB
MD5: 4dc80f4e7373adf73acd20ebd5726f4c
SHA1: bb3f815a4dde4a5e0b512be99e9a04ef1fcc3a3c
SHA256: 71917af4608d0fadb327824e9125e5fb8ab42df5f22ee9e1ddc8ffbe59be6d77
SHA512: 634db4b363cead3972825e826b64c526f94d384cb8ad0b267d1cc07476aa6b2341e93930030cf077df90c5b22a4f0f569f0b4b5822efd290b0200f2ef229f7ca