Analysis
-
max time kernel
46s -
max time network
38s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
09/11/2024, 21:19
Behavioral task
behavioral1
Sample
a372be1263f8c94749dd40776238dac09f3d5b74d2485d7c4ae4d6745801f14b.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
a372be1263f8c94749dd40776238dac09f3d5b74d2485d7c4ae4d6745801f14b.xlsm
Resource
win10v2004-20241007-en
General
-
Target
a372be1263f8c94749dd40776238dac09f3d5b74d2485d7c4ae4d6745801f14b.xlsm
-
Size
92KB
-
MD5
241a61fc751164bc4d01fc471f39c473
-
SHA1
a3984d943520048251225ab2410885cdcad53e96
-
SHA256
a372be1263f8c94749dd40776238dac09f3d5b74d2485d7c4ae4d6745801f14b
-
SHA512
88f261a4b97505510a8e74151388fd10fb8db7b4339597bc996f1c31f0823e28b8335d925b90bb22bc4413aced472be13d491e5163168c31cf8ccde888bec9c7
-
SSDEEP
1536:CguZCa6S5khUIMmwiisU9is4znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIILuOFd:CgugapkhlM1iiZ9isaPjpM+d/Ms8ULaN
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString EXCEL.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily EXCEL.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU EXCEL.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS EXCEL.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 4404 EXCEL.EXE -
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE 4404 EXCEL.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\a372be1263f8c94749dd40776238dac09f3d5b74d2485d7c4ae4d6745801f14b.xlsm"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4404
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize1KB
MD5d806869ac71c58013b93d13df9ad3bc8
SHA1da5c1eb8744b0b21eab373cf3e1726499951b6d7
SHA25613d9d97bf5cc13b6c1d24351efb450c4ccb735c50451c07c0147f31ed553a753
SHA51223c962b8777fcf71718eceac35f9f4b4d88973936b56055bc941208829a6b6d991703cb48af0d93725e164919b656537f6523f44745783521559d91b8f1926ad