250dd49463bef0ec8fd03d4d1311a001ddccd84b47a01b2b74624f5e9c794b0f

Analysis

max time kernel
139s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nowy folder/apt/ieee-data/oui36.csv
Size

30B
MD5

387c27ab603468e6e695a7d67a0315a5
SHA1

cb65a3f1629b2d75042aaba9c65da9174a9905a2
SHA256

4874244f60fa54310865244eabbfdcdeef67e4ea3a173bbaa4d185d5b4b664bc
SHA512

07c4673c6942023dfdc9ed10cbfdf9d51e05d51c8aa3a8921a8b7bd39e7af093b8ee4583a11ee30bd8a848ea5705d60dfecf27f96060dfe935a093ed291307d8

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3120	EXCEL.EXE

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE
3120	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Nowy folder\apt\ieee-data\oui36.csv"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
2KB

MD5
717d46661018139eb7884568f618ff6e

SHA1
2cfd73ac89a2d1be40156df810261ea031ab0852

SHA256
8ad1e0bc51d7cfe60652c96ffd01ec02ce3da432865e503704242b8017f2d315

SHA512
e03611c18eba7d747a0d9f31514973538f5fbade3ce913ad369af4d98e3aa5071bdb55d02bf75065fcc98280bf81adeeda38a6cc9dc1343ffe51aed74abbae53

Download Submit
memory/3120-13-0x00007FFCA6070000-0x00007FFCA6080000-memory.dmp

Filesize
64KB

Download
memory/3120-6-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-12-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-7-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-14-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-5-0x00007FFCA82F0000-0x00007FFCA8300000-memory.dmp

Filesize
64KB

Download
memory/3120-1-0x00007FFCA82F0000-0x00007FFCA8300000-memory.dmp

Filesize
64KB

Download
memory/3120-15-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-9-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-11-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-10-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-2-0x00007FFCA82F0000-0x00007FFCA8300000-memory.dmp

Filesize
64KB

Download
memory/3120-8-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-3-0x00007FFCE830D000-0x00007FFCE830E000-memory.dmp

Filesize
4KB

Download
memory/3120-0-0x00007FFCA82F0000-0x00007FFCA8300000-memory.dmp

Filesize
64KB

Download
memory/3120-16-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-17-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-19-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-18-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-21-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-20-0x00007FFCA6070000-0x00007FFCA6080000-memory.dmp

Filesize
64KB

Download
memory/3120-22-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-23-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-33-0x00007FFCE8270000-0x00007FFCE8465000-memory.dmp

Filesize
2.0MB

Download
memory/3120-4-0x00007FFCA82F0000-0x00007FFCA8300000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads