7ca0acdc3e8b24c2034b2205dbfdf744c903cae7c88b1d09b529991168c05dca

Analysis

max time kernel
133s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IoC/XSG8996380.xls
Size

51KB
MD5

bb5f2b798381cddc1217970139ebf534
SHA1

b03d6f0690781341dc6ae05d4861687b970b02b3
SHA256

d2cabc8f6c991af9e19502355e0d5975ca15099e6cec0da0bd6a8e5510253a2b
SHA512

868e9f97c16ced5409cb7f02db891ecccbded7a0c51baaac3bcdeabc3c8d91a6376589e19ea67f1094ffce0dff38d8787ee919a4fe1ab4daa0135976e19075e6
SSDEEP

1536:JsQlYkEIbSkKBEqEXPgsRZmbaoFhZhR0cixIHm0Ks4aIajL+msiV2:JhlYkEIuPm3fNRZmbaoFhZhR0cixIHm3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3792	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3792	EXCEL.EXE
3792	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE
3792	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\IoC\XSG8996380.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
0eb5b1247d963e4d110d0c614b463f6c

SHA1
ba07bcc5e1e4ebdcf361b1311211c21231a3b0c8

SHA256
d54c96240493dbcaa2ffc9a4586ceac048adce2aee33001f791b6bfa02f46b1a

SHA512
92b5fc0a6864564acdd6cbdd6c33dfaa92081a8060ccd421491b408345223b9b2e8204d028bda679875e76a5241d4d47cf1a584c75bbb38c30e64d3f13d18fdf

Download Submit
memory/3792-12-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-48-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-17-0x00007FFA76890000-0x00007FFA768A0000-memory.dmp

Filesize
64KB

Download
memory/3792-22-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-21-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-23-0x00007FFA76890000-0x00007FFA768A0000-memory.dmp

Filesize
64KB

Download
memory/3792-20-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-19-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-18-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-16-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-15-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-14-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-6-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-9-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-4-0x00007FFA78C10000-0x00007FFA78C20000-memory.dmp

Filesize
64KB

Download
memory/3792-10-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-8-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-7-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-11-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-3-0x00007FFA78C10000-0x00007FFA78C20000-memory.dmp

Filesize
64KB

Download
memory/3792-2-0x00007FFA78C10000-0x00007FFA78C20000-memory.dmp

Filesize
64KB

Download
memory/3792-1-0x00007FFA78C10000-0x00007FFA78C20000-memory.dmp

Filesize
64KB

Download
memory/3792-0-0x00007FFAB8C2D000-0x00007FFAB8C2E000-memory.dmp

Filesize
4KB

Download
memory/3792-47-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-46-0x00007FFAB8C2D000-0x00007FFAB8C2E000-memory.dmp

Filesize
4KB

Download
memory/3792-5-0x00007FFA78C10000-0x00007FFA78C20000-memory.dmp

Filesize
64KB

Download
memory/3792-49-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download
memory/3792-13-0x00007FFAB8B90000-0x00007FFAB8D85000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads