Analysis
-
max time kernel
47s
-
max time network
35s
-
platform
windows10-2004_x64
-
resource
win10v2004-20241007-en
-
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
-
submitted
09/11/2024, 21:05
Behavioral task
behavioral1
Sample
4647b50ed71f9e1ab47db0ad95da6c9450e39c74cd2c674fc2543f830ade06bc.xlsm
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4647b50ed71f9e1ab47db0ad95da6c9450e39c74cd2c674fc2543f830ade06bc.xlsm
Resource
win10v2004-20241007-en
General
-
Target
4647b50ed71f9e1ab47db0ad95da6c9450e39c74cd2c674fc2543f830ade06bc.xlsm
-
Size
92KB
-
MD5
ffa461a7ecfcee1874b7b8e1608bc037
-
SHA1
8a3271a002a911c5d3e71546e5a095f33581b3c9
-
SHA256
4647b50ed71f9e1ab47db0ad95da6c9450e39c74cd2c674fc2543f830ade06bc
-
SHA512
cd9b3bf2fc039aa4332f5f329fa698119406f9554726178e24d9233f6fc77d7c79340f53d0a433150449d9429024911b0eddb915d450c64f79b4dadc14c86b3e
-
SSDEEP
1536:CguZCa6S5khUIT6NvPzId4znOSjhLqxMUH9Ga/M1NIpPkUlB7583fjncFYIIp+F/:CgugapkhlT6J6aPjpqxvD/Ms8ULavLch
Malware Config
Signatures
-
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE
-
Suspicious behavior: AddClipboardFormatListener (1 IoC)
pid | Process
3400 | EXCEL.EXE
-
Suspicious use of SetWindowsHookEx (12 IoCs)
pid | Process
3400 | EXCEL.EXE (12 identical entries)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\4647b50ed71f9e1ab47db0ad95da6c9450e39c74cd2c674fc2543f830ade06bc.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3400
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize 674B
MD5 a5b5ff969bd86faec2aa38d07e611aa2
SHA1 3784139cd0654ed070d2e036b4e5bd4ffd7a5ad7
SHA256 5df11fb6f5cd66bbc4f15362ec58c557dfab89505c5d872d8ec0f550e190093f
SHA512 084dad851d2cd8962df3438d645e37d66d9c1ca47614054ba3a6d46210eb1571b28b76fe41e22412bddd15e675fcaf0bfc1cec9afb8d971acbc785c6c676ebc9