648eb3dd8252073b53f16887084c5415f56e90877aee69d29393efe1382679b4

Analysis

max time kernel
133s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eicar-standard-antivirus-test-files/eicar-excel-macro-write-file.xls
Size

31KB
MD5

d8671538a60e6aba3eede8cf428edcad
SHA1

44b6261d9d2c57335765f06c939b9700ab6d89bb
SHA256

512d01f64456a25b96770af87d52a499bafb1b28a125a2a489f931b4217f3381
SHA512

e466df9019c89591839229e7711ec4a59359258edcb8d481371f21a19e0b0298ee5ad1ec27a06a5759d48dbe9db836ee36c8da9e52974fc07b482440d8862d84
SSDEEP

768:1ck3hOdsylKlgryzc4bNhZFGzE+cL2knAJGOiC3RrgGB0amDJaP:ak3hOdsylKlgryzc4bNhZFGzE+cL2knU

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1312	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE
1312	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\eicar-standard-antivirus-test-files\eicar-excel-macro-write-file.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
c635ba67e82c4f699e550b7de03d6854

SHA1
9124a780014e5f55641a3a208382c97e7aa4d9af

SHA256
4caa11fb78aa0034f831e300f01a2955a3694aaea1f061509550525e981d0eb0

SHA512
1045d8b4681a0927d23dadec784f8008565fe29cc8b8f2bb6f2b512751a2be3490a607077089182e722fa0b70db5f6a1446cfb340584a228ec9ae4d37fddf359

Download Submit
memory/1312-18-0x00007FFC97B60000-0x00007FFC97B70000-memory.dmp

Filesize
64KB

Download
memory/1312-9-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-3-0x00007FFC9A290000-0x00007FFC9A2A0000-memory.dmp

Filesize
64KB

Download
memory/1312-11-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-2-0x00007FFC9A290000-0x00007FFC9A2A0000-memory.dmp

Filesize
64KB

Download
memory/1312-13-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-14-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-16-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-15-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-12-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-17-0x00007FFC97B60000-0x00007FFC97B70000-memory.dmp

Filesize
64KB

Download
memory/1312-1-0x00007FFCDA2AD000-0x00007FFCDA2AE000-memory.dmp

Filesize
4KB

Download
memory/1312-7-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-4-0x00007FFC9A290000-0x00007FFC9A2A0000-memory.dmp

Filesize
64KB

Download
memory/1312-10-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-5-0x00007FFC9A290000-0x00007FFC9A2A0000-memory.dmp

Filesize
64KB

Download
memory/1312-8-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-0-0x00007FFC9A290000-0x00007FFC9A2A0000-memory.dmp

Filesize
64KB

Download
memory/1312-29-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-30-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-31-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-37-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-38-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-39-0x00007FFCDA2AD000-0x00007FFCDA2AE000-memory.dmp

Filesize
4KB

Download
memory/1312-40-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-41-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-6-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-50-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download
memory/1312-51-0x00007FFCDA210000-0x00007FFCDA405000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads