3a2e31f2844df5cb91eedbf24c0b93de4b0aa08525f733132c2bce0d7ab81acc

Resubmissions

21-12-2024 22:57

241221-2xpr2atjar 10

21-12-2024 20:29

241221-y9xfvsyngy 10

Analysis

max time kernel
55s
max time network
98s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-12-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d.xll
Size

551KB
MD5

8c3611f6e56cb6edf445374ba7b8d6b9
SHA1

15b32a9f730e1828193ed0f0bc09aa150d66916a
SHA256

17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d
SHA512

71954f7e5fb770ea06f97d78fb0510cf2f638f6afc5c0555c62c1b411ccded1a487903a284c0e7921beba0de019995877d7f7f518f39559f72e445e2cb53c89c
SSDEEP

12288:Yn/zjvGHAykHJRLW/4+8bzbBSreM3pqZGDxK:az7GHAzH7jX1GFx

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2020	EXCEL.EXE
2020	EXCEL.EXE

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2020	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2020	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2020	EXCEL.EXE
2020	EXCEL.EXE

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE
2020	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d.xll"
1⤵
- Loads dropped DLL
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d.xll

Filesize
551KB

MD5
8c3611f6e56cb6edf445374ba7b8d6b9

SHA1
15b32a9f730e1828193ed0f0bc09aa150d66916a

SHA256
17286809694b9d22325e29af4e74b2083398de0488d9a96644566c468628554d

SHA512
71954f7e5fb770ea06f97d78fb0510cf2f638f6afc5c0555c62c1b411ccded1a487903a284c0e7921beba0de019995877d7f7f518f39559f72e445e2cb53c89c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
e47852555ac06ae8712216175138d9ce

SHA1
ad610df064577fc18dff55a3079c01b1ce20cd84

SHA256
77d6ee1183368ce3960aa6df39d3ec0746a720d904b94f80d842c33e336bcf0e

SHA512
f33fefba5336ca4ef1b8a74786392d3ccc1910d02097bc16d6bb1f00a0020588dd4924239ff53b08af47080e8ca4988a89d4fdec1dca78ad1c30f0de4625b423

Download Submit
memory/2020-16-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-12-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-6-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-2-0x00007FFDE8170000-0x00007FFDE8180000-memory.dmp

Filesize
64KB

Download
memory/2020-4-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-7-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-9-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-21-0x00000279E3890000-0x00000279E38AC000-memory.dmp

Filesize
112KB

Download
memory/2020-11-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-13-0x00007FFDE5850000-0x00007FFDE5860000-memory.dmp

Filesize
64KB

Download
memory/2020-10-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-8-0x00007FFDE8170000-0x00007FFDE8180000-memory.dmp

Filesize
64KB

Download
memory/2020-14-0x00007FFDE5850000-0x00007FFDE5860000-memory.dmp

Filesize
64KB

Download
memory/2020-22-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-1-0x00007FFDE8170000-0x00007FFDE8180000-memory.dmp

Filesize
64KB

Download
memory/2020-20-0x00000279E22E0000-0x00000279E2383000-memory.dmp

Filesize
652KB

Download
memory/2020-5-0x00007FFDE8170000-0x00007FFDE8180000-memory.dmp

Filesize
64KB

Download
memory/2020-0-0x00007FFDE8170000-0x00007FFDE8180000-memory.dmp

Filesize
64KB

Download
memory/2020-15-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-23-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-24-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-26-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-27-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-25-0x00000279E3A90000-0x00000279E3AC6000-memory.dmp

Filesize
216KB

Download
memory/2020-28-0x00000279E3880000-0x00000279E388E000-memory.dmp

Filesize
56KB

Download
memory/2020-29-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-30-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-36-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-37-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-38-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-39-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-43-0x00007FFE280E0000-0x00007FFE282E9000-memory.dmp

Filesize
2.0MB

Download
memory/2020-3-0x00007FFE28183000-0x00007FFE28184000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads