9f8e9ff77447d4c5982fac0729af52bc2c02f992a2b236eff6935d2282a273ba

Analysis

max time kernel
47s
max time network
34s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-12-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f8e9ff77447d4c5982fac0729af52bc2c02f992a2b236eff6935d2282a273ba.xls
Size

371KB
MD5

cbf8a1efc4ee82a2ceb227aa4f809a41
SHA1

8c3999c0556241d808e5fd66c24227af208f5d78
SHA256

9f8e9ff77447d4c5982fac0729af52bc2c02f992a2b236eff6935d2282a273ba
SHA512

a914de5017403e02d5608ade64238f92b46fc5ba4f3573b856aca2f3e543367c681731752f8477783ae797bfba7de438d276b0bcd578d7b6c0c298a799081a7f
SSDEEP

6144:xxEtjPOtioVjZUGGnwfDlavx+W+LIfnAlnzOUL1cMQTciFEcLGRk8gpJgtaqviGz:PnzOUL1cMQQADptSEdqFP9mSizYf/xv

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1220	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE
1220	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\9f8e9ff77447d4c5982fac0729af52bc2c02f992a2b236eff6935d2282a273ba.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
a0081638c4b5e329dbe906bd4bfb02e1

SHA1
5d1fd5819b3ce6db953ae6853a10367a49b486ba

SHA256
a6f1c4571588c84e9e45e01b318a378ecd6f033025b75823ddaa5a78d5a7c605

SHA512
3a539f9a177b15a837c2809fad35438259a8fd88ae73782e8d4bec31c3b9e97c2ab21c6bac23c619fa7bb37a3fc8e5d298d79f2516148ac904068ec1f74b0841

Download Submit
memory/1220-8-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-2-0x00007FF81F5B0000-0x00007FF81F5C0000-memory.dmp

Filesize
64KB

Download
memory/1220-14-0x00007FF81D550000-0x00007FF81D560000-memory.dmp

Filesize
64KB

Download
memory/1220-15-0x00007FF81D550000-0x00007FF81D560000-memory.dmp

Filesize
64KB

Download
memory/1220-5-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-6-0x00007FF81F5B0000-0x00007FF81F5C0000-memory.dmp

Filesize
64KB

Download
memory/1220-9-0x00007FF81F5B0000-0x00007FF81F5C0000-memory.dmp

Filesize
64KB

Download
memory/1220-13-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-12-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-11-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-10-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-1-0x00007FF85F5CD000-0x00007FF85F5CE000-memory.dmp

Filesize
4KB

Download
memory/1220-50-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-3-0x00007FF81F5B0000-0x00007FF81F5C0000-memory.dmp

Filesize
64KB

Download
memory/1220-4-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-29-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-28-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-30-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-31-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-37-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-38-0x00007FF85F5CD000-0x00007FF85F5CE000-memory.dmp

Filesize
4KB

Download
memory/1220-39-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-40-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-41-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download
memory/1220-0-0x00007FF81F5B0000-0x00007FF81F5C0000-memory.dmp

Filesize
64KB

Download
memory/1220-7-0x00007FF85F530000-0x00007FF85F725000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads