7ca0acdc3e8b24c2034b2205dbfdf744c903cae7c88b1d09b529991168c05dca

Analysis

max time kernel
133s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IoC/680589798891.xls
Size

67KB
MD5

c5901f0f22f4e65d9dfa52cfc7dd3523
SHA1

b67db8419e593586484c44915f98efe0cc56a991
SHA256

0faab5c7822aa460690804fe07ad3d40a7fc07667e7034912f22431db65bcb4b
SHA512

a92332b1e2515889cc13c939b1a372f2799e11d4e595e3199e5579e1c357bff8b3be36641b113916475a7dbb6fc05b8f29f97f2710f04830893f3032938ff924
SSDEEP

1536:LsQlYkEIbSkKBEqEXPgsRZmbaoFhZhR0cixIHm0nRDbxsh8xg4aSm1wm3arV5:LhlYkEIuPm3fNRZmbaoFhZhR0cixIHmy

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1740 EXCEL.EXE
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

EXCEL.EXE

pid process

1740 EXCEL.EXE
1740 EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

EXCEL.EXE

pid	process
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE
1740	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\IoC\680589798891.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
d6a8751247b907a05fe4c5e591a7329e

SHA1
e04fa6f11939152ac76fc1f5e593ce5dae258319

SHA256
1b3914a8e1640456acd4463618ecec0fa7ae9ddeae317220fa766be5f2974082

SHA512
9ba04fa5148d0bcde255d723a2b9c0533b0c2bd996fe8d5221dfed146f90fac0e895395689530a935f31878b0f70b825cd0fab1ce0211aaeeaaae23844ecf51c

Download Submit
memory/1740-12-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-2-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/1740-14-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-4-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-5-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-6-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/1740-7-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-8-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-16-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-1-0x00007FFD2908D000-0x00007FFD2908E000-memory.dmp

Filesize
4KB

Download
memory/1740-0-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/1740-3-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/1740-10-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-17-0x00007FFCE6E20000-0x00007FFCE6E30000-memory.dmp

Filesize
64KB

Download
memory/1740-15-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-18-0x00007FFCE6E20000-0x00007FFCE6E30000-memory.dmp

Filesize
64KB

Download
memory/1740-11-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-9-0x00007FFCE9070000-0x00007FFCE9080000-memory.dmp

Filesize
64KB

Download
memory/1740-46-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-47-0x00007FFD2908D000-0x00007FFD2908E000-memory.dmp

Filesize
4KB

Download
memory/1740-48-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download
memory/1740-13-0x00007FFD28FF0000-0x00007FFD291E5000-memory.dmp

Filesize
2.0MB

Download