ead2a5b904caee8242bbf90319c83e66d0f7ccc1a6a3e178419691f3fe50967f

Analysis

max time kernel
61s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12/12/2024, 18:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

վǰ־Ը/.xls
Size

17KB
MD5

533443b46f4dbc7942ab9baa1912bfea
SHA1

c1d24d658ddd99ae4b00aac3cd46e26ae9b54a19
SHA256

64a4d6c18c3f4d441db300644c9397fbd1f7cdbd143255b223c6b3ec93a69fb1
SHA512

02e01ee1449175c1281be8c5ef39c24ad035600b8ea217b94810dbc22bda2e2596226a5806af16dab05dc2b50cca18555a724ca4631320062c88fca74fbc8848
SSDEEP

384:KBBBRHNLrixFbjMw8eIT8M7gsuaSFHQZ/eZ/UCZfTQb8S/JoX/Ap/ZTjcuM/hw7r:KBBBRHNLrixFbjMw8eIT8M7g+ZTjcHA7

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE

Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2336	EXCEL.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2336	EXCEL.EXE
2336	EXCEL.EXE
2336	EXCEL.EXE

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\վǰ־Ը\.xls
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2336-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2336-1-0x00000000727CD000-0x00000000727D8000-memory.dmp

Filesize
44KB

Download
memory/2336-2-0x00000000727CD000-0x00000000727D8000-memory.dmp

Filesize
44KB

Download