73aea343c9343bc8a1d6e76cc5d856c4051bdd8ac7bf48b393a82ed2e06693b1

General

Target

overrides/mods/worldedit-mod-7.2.15.jar
Size

5.6MB
MD5

bd0e7cff7896348faab92e43300d0639
SHA1

9c52765ca56f917ef8cbafc20e9a4f45c346508f
SHA256

17db6b3e94f52d25426684663e1e1846823cbb7907f1c365ac329e5bc7bfaf2c
SHA512

2c41dcd9a622f948ed5409eecc485018fbf274945bdd1a9c0fdf4c4954f9a47dc311e6e0f9e445180d8b771e4a40947533d67bd66feb4ab8c8f87c2880dba7ef
SSDEEP

98304:wgOZVsn8FBpZbum0Rf7EM/VNcurMbKsMnvZAvLcEGmv60eZcMdBXPN3TkOzit:wgOZW8lZqpRfQM97rMjMvZAzcEJB8cMc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1932	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE
1932	EXCEL.EXE

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\overrides\mods\worldedit-mod-7.2.15.jar
1⤵
PID:3164

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\RepairSet.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
208B

MD5
0bb60c7ae1d2cf4fec15bb22c92e7f1f

SHA1
5f7c1cc6209f4519f624c9520b02fb1f206da980

SHA256
a352d84b1115fda31bed47cef95c1ade3105f508eefb50bcf892a6a1d1f40518

SHA512
296c33776f744aaf6a700f207750eeabc37630238b9a836b1736830d783ad32755da78c6f75ebdbe5576593ba74ecb7fcd76930c829f84188ed90bc64048e2b0

Download Submit
memory/1932-28-0x00007FFE53F30000-0x00007FFE53F40000-memory.dmp

Filesize
64KB

Download
memory/1932-21-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-14-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-26-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-16-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-17-0x00007FFE964E3000-0x00007FFE964E4000-memory.dmp

Filesize
4KB

Download
memory/1932-22-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-29-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-20-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-19-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-15-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-13-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-23-0x00007FFE53F30000-0x00007FFE53F40000-memory.dmp

Filesize
64KB

Download
memory/1932-33-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-27-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-71-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-18-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-69-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-25-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-36-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-37-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-35-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-34-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-32-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-31-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-30-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-24-0x00007FFE96440000-0x00007FFE96649000-memory.dmp

Filesize
2.0MB

Download
memory/1932-70-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-67-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/1932-68-0x00007FFE564D0000-0x00007FFE564E0000-memory.dmp

Filesize
64KB

Download
memory/3164-11-0x0000016158980000-0x0000016158981000-memory.dmp

Filesize
4KB

Download
memory/3164-12-0x000001615A150000-0x000001615A3C0000-memory.dmp

Filesize
2.4MB

Download
memory/3164-2-0x000001615A150000-0x000001615A3C0000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads