9777aa581e47a650868f58617d3b9693cf1fe269202fe66fe58ebc39e9276695

Analysis

max time kernel
133s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22e548e51e503a2413dd76d786eda4be774723cc305d155318a1e525c18a26a7.xll
Size

1.5MB
MD5

91a1f665769e60d18b69592799448780
SHA1

b7dfb6bb2381bfbf639965d0930a7b34e7cf83fa
SHA256

22e548e51e503a2413dd76d786eda4be774723cc305d155318a1e525c18a26a7
SHA512

5615f2c73e5e40363b817affcea41afd913347f76ad104f4e4acc3d45f207df7d2312e5834c6d88f423ff09051ed8ace1368ea465662c7374a7d3a3ba1926e95
SSDEEP

24576:Mvgy0ZQNOd69dmnX567paBvI7cO+4vVyACfoJQk2A4AhMg9p6w6ilfJW/:Ugcwdy1gBvY+4dqoqk2AigaHilfq

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
448	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE
448	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\22e548e51e503a2413dd76d786eda4be774723cc305d155318a1e525c18a26a7.xll"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
1e90ec35d094816b1ec8615715d5211e

SHA1
2c2933258c52e1c7100e6b1fb6df8c699237dcfd

SHA256
92f09bf4631f05045b39ea1edfba361d2b67fc24582ac8fe3cffa7d156365975

SHA512
df0c5d264a2b04dd97eca783c5c412157a5f0eef705bda458956462b7ad4c20d2fe13b83caec16f2c34ef4308e8a2a2da6e76b9da2b8e788bceedf02c5828ac9

Download Submit
memory/448-14-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-0-0x00007FFB0E9F0000-0x00007FFB0EA00000-memory.dmp

Filesize
64KB

Download
memory/448-11-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-5-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-2-0x00007FFB0E9F0000-0x00007FFB0EA00000-memory.dmp

Filesize
64KB

Download
memory/448-10-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-9-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-8-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-7-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-13-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-3-0x00007FFB0E9F0000-0x00007FFB0EA00000-memory.dmp

Filesize
64KB

Download
memory/448-4-0x00007FFB0E9F0000-0x00007FFB0EA00000-memory.dmp

Filesize
64KB

Download
memory/448-6-0x00007FFB0E9F0000-0x00007FFB0EA00000-memory.dmp

Filesize
64KB

Download
memory/448-16-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-17-0x00007FFB0C8F0000-0x00007FFB0C900000-memory.dmp

Filesize
64KB

Download
memory/448-18-0x00007FFB0C8F0000-0x00007FFB0C900000-memory.dmp

Filesize
64KB

Download
memory/448-12-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-15-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-28-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-30-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-29-0x00007FFB4EA0D000-0x00007FFB4EA0E000-memory.dmp

Filesize
4KB

Download
memory/448-31-0x00007FFB4E970000-0x00007FFB4EB65000-memory.dmp

Filesize
2.0MB

Download
memory/448-1-0x00007FFB4EA0D000-0x00007FFB4EA0E000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads