aa2f7980511024dbcb007e29eb7b10c374d87b1f6f4a6a35f4bdf4ea803fb008

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2025, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CurrentlyCabinets/Arrival.xlm
Size

94KB
MD5

7a3fa9b8062d128ab4c5cfa213d29814
SHA1

c637a2a75dc1fb50f20ba91872d54a230847d69e
SHA256

08b2255b896bc93190dc00963faec730120750c397c55d68f6501179805ed9bd
SHA512

4c4e806936b6f16d03f4f3e6cced0bcabc9141a4dc547a59a6d6ee952321849a9c1cc0a72564e545ec0b75b2143bc95f0fc016db22be98aa25be48adf741409e
SSDEEP

1536:/zI63VfpCINcYbl69kFsQ66cEi9YwmVlLarxzc73nYJ+AZhPjUlUIdWGHR1P59:/zCYblpsscE4Ywm+rJO3nvCGxh59

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5924	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE
5924	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\CurrentlyCabinets\Arrival.xlm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5924

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
682B

MD5
94ef1215b3bc507cf11f84776b59f570

SHA1
f770edf41148b770143cd2b0be24577379d80cba

SHA256
cd7eb9c8d26af78da36121d7fc5e1c31785952f6732dadf7b0d4c743d3b9daf5

SHA512
940db5766ebc625ee9b01de5bff70f0bca36bcfac1ea6d92227859cfeee033e1340779be800e45f655cf8c95beae7624b1d623ab4d57a7156e77e87ae2d9f36b

Download Submit
memory/5924-18-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-29-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-1-0x00007FFB5C76D000-0x00007FFB5C76E000-memory.dmp

Filesize
4KB

Download
memory/5924-5-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-4-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-8-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-7-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-10-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-12-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-13-0x00007FFB1A4D0000-0x00007FFB1A4E0000-memory.dmp

Filesize
64KB

Download
memory/5924-11-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-15-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-16-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-0-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-2-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-14-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-19-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-9-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-6-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-17-0x00007FFB1A4D0000-0x00007FFB1A4E0000-memory.dmp

Filesize
64KB

Download
memory/5924-30-0x00007FFB5C76D000-0x00007FFB5C76E000-memory.dmp

Filesize
4KB

Download
memory/5924-31-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-32-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download
memory/5924-3-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-57-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-59-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-58-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-56-0x00007FFB1C750000-0x00007FFB1C760000-memory.dmp

Filesize
64KB

Download
memory/5924-60-0x00007FFB5C6D0000-0x00007FFB5C8C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads