9cf979d335b81e468e3633440256030be7723c5d5fb1bbcc7d016ea6ec539276

Analysis

max time kernel
133s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9.xlsm
Size

52KB
MD5

7595dc40f4afafd883b97b2690c04fe0
SHA1

0e7b3cc495b0e570cc61a19ee27b7fab133a069a
SHA256

42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9
SHA512

47e1fc418f81809cd91dcdcf377a0acf85135cd67bc97a239ee3845516c585e1e29ee12ffa7a60b451d7e3568a818f80f17265756c666335d3b9769adc038520
SSDEEP

1536:4MB1cciQkfzdjhJzBLCO7OJAgeSURsxhfwkWQAyk:4MB1c/dzBmK+xWIk

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

http://invoice7mukszq9nbpa7online.ru/unfeminized.exe

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5980	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE
5980	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\42b382be2e0f600fcec16ead4440475ffa839ed56724ef960b24f2affda4afb9.xlsm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
f7e6bfde660f1322869cd98b2d480f00

SHA1
4a8e087dd6258b7c737c55753934c6d4a5dceca4

SHA256
433750db0e86900e4f9b0bea418ef47ce3de45725e5e8ecd938cd98d3de7a924

SHA512
3ec5625a857a733aef86c802c32a7dcf859b436486257360260d1f467fa187e3abba0ea8683f36263d68cc9dfe220e01514c1e24ce21f99a724e192686cf94ab

Download Submit
memory/5980-5-0x00007FFD0E690000-0x00007FFD0E6A0000-memory.dmp

Filesize
64KB

Download
memory/5980-13-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-1-0x00007FFD4E6AD000-0x00007FFD4E6AE000-memory.dmp

Filesize
4KB

Download
memory/5980-6-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-7-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-8-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-10-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-11-0x00007FFD0C1F0000-0x00007FFD0C200000-memory.dmp

Filesize
64KB

Download
memory/5980-9-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-2-0x00007FFD0E690000-0x00007FFD0E6A0000-memory.dmp

Filesize
64KB

Download
memory/5980-4-0x00007FFD0E690000-0x00007FFD0E6A0000-memory.dmp

Filesize
64KB

Download
memory/5980-16-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-0-0x00007FFD0E690000-0x00007FFD0E6A0000-memory.dmp

Filesize
64KB

Download
memory/5980-17-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-15-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-14-0x00007FFD0C1F0000-0x00007FFD0C200000-memory.dmp

Filesize
64KB

Download
memory/5980-12-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-27-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-28-0x00007FFD4E6AD000-0x00007FFD4E6AE000-memory.dmp

Filesize
4KB

Download
memory/5980-29-0x00007FFD4E610000-0x00007FFD4E805000-memory.dmp

Filesize
2.0MB

Download
memory/5980-3-0x00007FFD0E690000-0x00007FFD0E6A0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads