Analysis
max time kernel
133s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags
arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
submitted
16/03/2025, 12:04
Behavioral task
behavioral1
Sample
accounting_report.xlsm
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
accounting_report.xlsm
Resource
win10v2004-20250314-en
General
-
Target
accounting_report.xlsm
-
Size
11KB
-
MD5
8920504a64d65d563bcd720c73c3624f
-
SHA1
55c209a5d91d8d1293076a1f7a10a3e9462d266b
-
SHA256
ebdd157d2572eeaa3931119cdce84780d07309283168bde207d31217819f2e71
-
SHA512
2a14f7a4d4f441f30b15930d27976e9e338b3c87f9d3dbade94e6bf9d1c1398c5054d5c4298cbbf9a384f3ba373f318cab359deb217cb3d77ef659ae90ce0111
-
SSDEEP
192:dhhNK35v9wuMHABh9lVGkBe+ZG1HIFbkNl8g2TiBX5smoNMOpocMz7vQhsMCCGTN:dDAJagj9lVG+81HIslOiBpbYMOpoF7vv
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
- description: Key opened; ioc: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0; Process: EXCEL.EXE
- description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz; Process: EXCEL.EXE
- description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString; Process: EXCEL.EXE
Enumerates system info in registry (2 TTPs, 3 IoCs)
- description: Key opened; ioc: \REGISTRY\MACHINE\Hardware\Description\System\BIOS; Process: EXCEL.EXE
- description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily; Process: EXCEL.EXE
- description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU; Process: EXCEL.EXE
Suspicious behavior: AddClipboardFormatListener (1 IoCs)
- pid: 1556; Process: EXCEL.EXE
Suspicious use of SetWindowsHookEx (12 IoCs)
- pid: 1556; Process: EXCEL.EXE (12 entries)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\accounting_report.xlsm"
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1556
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
Filesize 2KB
MD5 e6542913d97b8b6d584f29241f4fd04d
SHA1 17a1e841e74bf035f07a7a2875ea80cddc8b7735
SHA256 a6604c44b4f85e4100b9bcf3741672abf32e5a162309a9608e3084898993e028
SHA512 a06d78b8a392944377d0be663364c455b02d2566e8e8984ecfe6b0ec22b1ebb6a9619d248ae2ad36df7a9909a9cf57fef94f0c4616473572f072b528ca7f4237