3342b0a18be89977895326bdb51efaad6ad82a4ca8dbf420300debec0824f607

Analysis

max time kernel
133s
max time network
129s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
15/03/2025, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FilenameDesirable/Greater.xll
Size

70KB
MD5

f1fd84ea9b8e52d3c74b3a2205d704f1
SHA1

f08981533c68337da0fc57093b5f7ca34e8fae1d
SHA256

9b73986db9c06e3c4338546f7e270f8b6c28c376d7b6aa7b626eb966553420a2
SHA512

40e9be86035d27ddfad030f49269ac12c661252731d86276950337337685ba49db5715c2fd4b1c4dfc315f912b805e2efd73554e898a1048a9bbaf3d9e0bbcd7
SSDEEP

1536:tqOkORDUUFFs2TT3dErYwOCt+vLJBlRmYrzaGmyz+mHqvI6kSqlL:t3kbUs+Kz9ETmYq9I+ZSSqlL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4260	EXCEL.EXE

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE
4260	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\FilenameDesirable\Greater.xll"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
6c4cc55bee3849ac333ec011c2a010c0

SHA1
aca85597a0970660c07e81127673c5d15c595d56

SHA256
d029e0e3de138a72efc1e445e57cc071d7f3cb6e7f46dfa98ca8f81196e6a306

SHA512
c57c9653eeecc65538a9734579c4df493870255a490528c3bd1817553e3b19f84278c66a83a08e774cce5a2d1b37f3385a46a956aaf66c9e879b5d51c1f779e0

Download Submit
memory/4260-15-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-25-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-2-0x00007FFABA610000-0x00007FFABA620000-memory.dmp

Filesize
64KB

Download
memory/4260-4-0x00007FFABA610000-0x00007FFABA620000-memory.dmp

Filesize
64KB

Download
memory/4260-17-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-8-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-7-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-6-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-11-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-10-0x00007FFAB7C50000-0x00007FFAB7C60000-memory.dmp

Filesize
64KB

Download
memory/4260-9-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-12-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-3-0x00007FFABA610000-0x00007FFABA620000-memory.dmp

Filesize
64KB

Download
memory/4260-13-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-5-0x00007FFABA610000-0x00007FFABA620000-memory.dmp

Filesize
64KB

Download
memory/4260-16-0x00007FFAB7C50000-0x00007FFAB7C60000-memory.dmp

Filesize
64KB

Download
memory/4260-14-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-19-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-21-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-22-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-23-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-20-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-18-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-1-0x00007FFAFA623000-0x00007FFAFA624000-memory.dmp

Filesize
4KB

Download
memory/4260-26-0x00007FFAFA623000-0x00007FFAFA624000-memory.dmp

Filesize
4KB

Download
memory/4260-27-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-28-0x00007FFAFA580000-0x00007FFAFA789000-memory.dmp

Filesize
2.0MB

Download
memory/4260-0-0x00007FFABA610000-0x00007FFABA620000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads