Analysis
max time kernel
46s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
09/11/2024, 21:20
Behavioral task
behavioral1
Sample
deaed5eb14eac83c2d6af95ab1e9c338c6567f84a74b15cd370c1a4bf1d987fa.xlsm
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
deaed5eb14eac83c2d6af95ab1e9c338c6567f84a74b15cd370c1a4bf1d987fa.xlsm
Resource
win10v2004-20241007-en
General
Target
deaed5eb14eac83c2d6af95ab1e9c338c6567f84a74b15cd370c1a4bf1d987fa.xlsm
Size
92KB
MD5
8a66f9fb5db3e65f7c81842f5e5ea27b
SHA1
78eff98a14fe43671bb28786d19575d8f6ada614
SHA256
deaed5eb14eac83c2d6af95ab1e9c338c6567f84a74b15cd370c1a4bf1d987fa
SHA512
042e5a25e686cced9b63d7083b6ff22afcc68d6d32c43609355bcc104dfc6f7d6c1ab404de8f91b218b15db40c7ca8015fa7632ba2ac55f61965eddec4ab1bcb
SSDEEP
1536:CguZCa6S5khUI1ZWOpKYv44znOSjhLM+vGa/M1NIpPkUlB7583fjncFYIIp2FT:Cgugapkhl1ZppKLaPjpM+d/Ms8ULavLW
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid | Process
4128 | EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
4128 | EXCEL.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\deaed5eb14eac83c2d6af95ab1e9c338c6567f84a74b15cd370c1a4bf1d987fa.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4128