aa2f7980511024dbcb007e29eb7b10c374d87b1f6f4a6a35f4bdf4ea803fb008

Analysis

max time kernel
149s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2025, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CurrentlyCabinets/Centre.xlm
Size

95KB
MD5

ac54604dbcb7a4bf02cd62a973845be5
SHA1

956757452555f628ae3c37135dc69967cf29c0a5
SHA256

86b05ff314b70a2e8c4d6b690981b70569567181dcfb3ac995c96bc13a09dcb5
SHA512

fca285b6e3d9f759e8dc097d2aab4fdd39e4a18060c0b9a50353b6388668caa94d3f31c35df2cf438b4b8fc1f23046f8db5856e78768f94b2fd3079a357099a8
SSDEEP

1536:dpEKEQmP6dVwV7WQ70yf14AHrSzjWXGmxxQzWEkZ2BlOgpIxJDuqZHSje80Anf:pEQmP6dS7Wu0W3XGZzWEkZ2BlOgpIxop

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
936	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE
936	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\CurrentlyCabinets\Centre.xlm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:936

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
3KB

MD5
9e0aa88c1fa6af412a0904493c0c297f

SHA1
ed265efdc2e933e8efca23d736c299eb86fc5df3

SHA256
79f2883e2ce0f8a5c5db0b196390e434f087b03c66452b5d1fbc99d4b3488c69

SHA512
16ab28a448fd292a7d400cc6f7e721270ca0ed1aeeedd8571b331b1827d6d96f5aa7872b1b901e90dc6dce7022aa2f4498d4255f05daaad3a67ebe314ac28649

Download Submit
memory/936-17-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-30-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-3-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-6-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-9-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-10-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-8-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-11-0x00007FFAA67C0000-0x00007FFAA67D0000-memory.dmp

Filesize
64KB

Download
memory/936-5-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-12-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-4-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-13-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-16-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-1-0x00007FFAE8D4D000-0x00007FFAE8D4E000-memory.dmp

Filesize
4KB

Download
memory/936-2-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-15-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-31-0x00007FFAE8D4D000-0x00007FFAE8D4E000-memory.dmp

Filesize
4KB

Download
memory/936-18-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-14-0x00007FFAA67C0000-0x00007FFAA67D0000-memory.dmp

Filesize
64KB

Download
memory/936-7-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-20-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-32-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-19-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-33-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download
memory/936-0-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-59-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-60-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-58-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-57-0x00007FFAA8D30000-0x00007FFAA8D40000-memory.dmp

Filesize
64KB

Download
memory/936-61-0x00007FFAE8CB0000-0x00007FFAE8EA5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads