fb7f6f73a5d63de59e09f179deecddff08577230671bb5005c8b1f37ca62a8de

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2024, 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb7f6f73a5d63de59e09f179deecddff08577230671bb5005c8b1f37ca62a8de.xls
Size

101KB
MD5

fdf0eaeccf5aa3c7ba8548291966f7b0
SHA1

e06802697e5ab3fe477c98fa61d71af92d0fba03
SHA256

fb7f6f73a5d63de59e09f179deecddff08577230671bb5005c8b1f37ca62a8de
SHA512

c68d7a29539c9b84bd3040eb186055d60eb963e825db7b7c4077c951e28c835794c028a3a7110d443f7e082cb3996acff05858fc323448ca10ec35f0656846bf
SSDEEP

3072:RKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+/bOZzbqkn6RND9fxuss8Oa:RKpb8rGYrMPe3q7Q0XV5xtuE8vG8UM+7

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://decorusfinancial.com/wp-content/7dODakeZZ83fJi/

xlm40.dropper

https://e-kinerja.ntbprov.go.id/aset/sAeaEvaSxGhvnsuFE/

xlm40.dropper

http://facts-jo.com/init/jLQY2FpesnIGi0qHqz/

xlm40.dropper

http://fashionbyprincessmelodicaah.com/4185PINT/jwh2cwjFHLZL/

xlm40.dropper

http://easiercommunications.com/wp-content/yqNxi8IKbRIt7akB/

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4576	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4576	EXCEL.EXE
4576	EXCEL.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4576	EXCEL.EXE
4576	EXCEL.EXE
4576	EXCEL.EXE
4576	EXCEL.EXE
4576	EXCEL.EXE
4576	EXCEL.EXE
4576	EXCEL.EXE
4576	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\fb7f6f73a5d63de59e09f179deecddff08577230671bb5005c8b1f37ca62a8de.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
671B

MD5
00a2a988be0c1c334e72cf4defc2c054

SHA1
81977efe753c47a0151a6c34e8e50eda5bafa329

SHA256
33c34d174fcabf4deec3e49ad726e281eadd73d1a660c616e68aa4f163928f15

SHA512
6e1ec41438a2d64be3e23d7cd25c9b5020cd819bc02949ef51a927668be558538daa5c5a42593790b2075d6a0dc9706e19df3d745ee08060eba77f1b2762157d

Download Submit
memory/4576-14-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-16-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-2-0x00007FFC05F50000-0x00007FFC05F60000-memory.dmp

Filesize
64KB

Download
memory/4576-5-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-6-0x00007FFC05F50000-0x00007FFC05F60000-memory.dmp

Filesize
64KB

Download
memory/4576-9-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-13-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-12-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-1-0x00007FFC45F6D000-0x00007FFC45F6E000-memory.dmp

Filesize
4KB

Download
memory/4576-17-0x00007FFC03EF0000-0x00007FFC03F00000-memory.dmp

Filesize
64KB

Download
memory/4576-3-0x00007FFC05F50000-0x00007FFC05F60000-memory.dmp

Filesize
64KB

Download
memory/4576-18-0x00007FFC03EF0000-0x00007FFC03F00000-memory.dmp

Filesize
64KB

Download
memory/4576-15-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-11-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-10-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-8-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-7-0x00007FFC05F50000-0x00007FFC05F60000-memory.dmp

Filesize
64KB

Download
memory/4576-4-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-35-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-39-0x00007FFC45F6D000-0x00007FFC45F6E000-memory.dmp

Filesize
4KB

Download
memory/4576-40-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-44-0x00007FFC45ED0000-0x00007FFC460C5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-0-0x00007FFC05F50000-0x00007FFC05F60000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads