3342b0a18be89977895326bdb51efaad6ad82a4ca8dbf420300debec0824f607

Analysis

max time kernel
133s
max time network
133s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
15/03/2025, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/Picking.xll
Size

96KB
MD5

3c423a6595086f8c05c9a8c93deca4ae
SHA1

2df46cfc9b72d8b2356077ff70152f15bfe1e9c6
SHA256

228aec6da2103ffac6868cb0cdf37c3b0610d6b89b7627ea7e577c7bee2aff22
SHA512

750a948b7df9f0b7d497574d5a6c45a99e0283886ab458861805e8faa5566d866e74a8258737cf11e44f7b776be4edb70d3e91c15e6a2a1f4c73886292bf7812
SSDEEP

1536:Yj8Vu8CWM8n6GRwmmOg0226fTrw8r9q8w/Oimm84WMgS/ihT/BAMNjqHDkSp78xD:YgvjmGrgU6fTrb4GehWMbqtBAEq5poBt

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2368	EXCEL.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE
2368	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\$TEMP\Picking.xll"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
683B

MD5
3ab54d4913985d4c37c6544fb20c8ad7

SHA1
6731c9240bb7d7497c4a0e5b174b146f06264965

SHA256
d45fdc5c6d00ada34f180e4fb67505bcf672aeb916ea365556d6d261096f39df

SHA512
60e190c9a45f4caee29b5583b2719ed764a2789cc7f2061fe222ab17b4dd498b82452c2de413104b14435ca6f412507e03e84421b123075280cfe83871060d82

Download Submit
memory/2368-16-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-26-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-4-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-7-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-9-0x00007FFA63670000-0x00007FFA63680000-memory.dmp

Filesize
64KB

Download
memory/2368-8-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-6-0x00007FFA63670000-0x00007FFA63680000-memory.dmp

Filesize
64KB

Download
memory/2368-5-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-2-0x00007FFA63670000-0x00007FFA63680000-memory.dmp

Filesize
64KB

Download
memory/2368-14-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-15-0x00007FFA612C0000-0x00007FFA612D0000-memory.dmp

Filesize
64KB

Download
memory/2368-18-0x00007FFA612C0000-0x00007FFA612D0000-memory.dmp

Filesize
64KB

Download
memory/2368-3-0x00007FFA63670000-0x00007FFA63680000-memory.dmp

Filesize
64KB

Download
memory/2368-17-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-13-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-20-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-19-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-22-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-21-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-12-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-11-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-10-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-24-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-25-0x00007FFAA3683000-0x00007FFAA3684000-memory.dmp

Filesize
4KB

Download
memory/2368-1-0x00007FFAA3683000-0x00007FFAA3684000-memory.dmp

Filesize
4KB

Download
memory/2368-27-0x00007FFAA35E0000-0x00007FFAA37E9000-memory.dmp

Filesize
2.0MB

Download
memory/2368-0-0x00007FFA63670000-0x00007FFA63680000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads