ead2a5b904caee8242bbf90319c83e66d0f7ccc1a6a3e178419691f3fe50967f

Analysis

max time kernel
133s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

վǰ־Ը/־Ը֯Ͷ��.xls
Size

41KB
MD5

2f7ba54b0909926914721cc40ea6f524
SHA1

cc33aa1f76a65596f3fecb9016e28c5f8237fc62
SHA256

9aeaf6cea59ed6214ae4a7d776e3c166b5ee48a8899009d6eb01c1e331316f88
SHA512

9aa73be711f020a46ce39808d345130388ab9a07a81bf518bf0614038d50a8bd7ded386027d2e118184afed8139c28aa98b6ce48b38903b9a332e052266fc8dd
SSDEEP

768:lssssvj7W/A4GpsgyjarQ6uTGTQQeR2CZ95x4whtw0T/i/:lssssvj7W/A4GpsgSarQ6uTGTQQSZ95M

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5092	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5092	EXCEL.EXE
5092	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE
5092	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\վǰ־Ը\־Ը֯Ͷ��.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
89972653c551fed1e9f41e34c22da041

SHA1
2d9ea9f848acf627900e932709ad9fae2d9983b6

SHA256
3cfd70a5ff79471245fddda0d386d0e383f979ffa16a65bc64dc5f4231e09bd2

SHA512
ee1c945edb52ca7e45b64a8d908150e2cf7956c6300203f12c0bc33edaa7d7021681d535c519c26b28106eddaa5e801c6b6c701d5430c0348d4f9c1019e3f715

Download Submit
memory/5092-11-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-31-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-2-0x00007FFD7A7F0000-0x00007FFD7A800000-memory.dmp

Filesize
64KB

Download
memory/5092-5-0x00007FFD7A7F0000-0x00007FFD7A800000-memory.dmp

Filesize
64KB

Download
memory/5092-7-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-6-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-10-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-14-0x00007FFD783A0000-0x00007FFD783B0000-memory.dmp

Filesize
64KB

Download
memory/5092-15-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-13-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-0-0x00007FFD7A7F0000-0x00007FFD7A800000-memory.dmp

Filesize
64KB

Download
memory/5092-3-0x00007FFD7A7F0000-0x00007FFD7A800000-memory.dmp

Filesize
64KB

Download
memory/5092-18-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-19-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-16-0x00007FFD783A0000-0x00007FFD783B0000-memory.dmp

Filesize
64KB

Download
memory/5092-17-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-9-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-8-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-4-0x00007FFD7A7F0000-0x00007FFD7A800000-memory.dmp

Filesize
64KB

Download
memory/5092-29-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-30-0x00007FFDBA80D000-0x00007FFDBA80E000-memory.dmp

Filesize
4KB

Download
memory/5092-1-0x00007FFDBA80D000-0x00007FFDBA80E000-memory.dmp

Filesize
4KB

Download
memory/5092-32-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download
memory/5092-12-0x00007FFDBA770000-0x00007FFDBA965000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads