aa2f7980511024dbcb007e29eb7b10c374d87b1f6f4a6a35f4bdf4ea803fb008

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2025, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CurrentlyCabinets/Creatures.xlm
Size

50KB
MD5

9c2d81e57f3b2e7076a73507a7262e48
SHA1

0c24dea7c43ba758fd4da63cd247e9827af7263e
SHA256

0760bc5546ec8ddb228b9baab15c594bfe112407745d3f87fb7e4545cb0886b4
SHA512

394904990cb08766a5f30488fc68fe52f6a0d5bacd53ba4379d01f71d0ff175da696cb5ef6108851c07b9d6531b2136d5f5a7282bef6075b4cc0260bd9786197
SSDEEP

768:886n3TrZSdqFub9bv26KHovYhb0FG5qlTC7Ut778lvv8JvVTXDR6RCcqpdv8ifDo:88OTNDuZbe/6rZl+Yd28CgHD7o

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2004	EXCEL.EXE

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE
2004	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\CurrentlyCabinets\Creatures.xlm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2004

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
f2ad2b201bc6acd0b063603d14324c78

SHA1
5ffca6441054227cf5efb153b46a1f8963613f66

SHA256
d4175f427a78820bc00ba3c9306d74d040ad9d290de039269d239b246e047cb5

SHA512
f8f969459bd99b47a37bcc65bc9cacb65f53d6142f169463a19d2e3103c2b0700aa7fd6d236d1c44e7c51976dd0f9ca60ac15d2ea904d4ff28cbcfacfc80a826

Download Submit
memory/2004-11-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-53-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-2-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-4-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-5-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-9-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-8-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-6-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-7-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-12-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-13-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-1-0x00007FFE9068D000-0x00007FFE9068E000-memory.dmp

Filesize
4KB

Download
memory/2004-3-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-10-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-28-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-16-0x00007FFE4E560000-0x00007FFE4E570000-memory.dmp

Filesize
64KB

Download
memory/2004-26-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-27-0x00007FFE9068D000-0x00007FFE9068E000-memory.dmp

Filesize
4KB

Download
memory/2004-14-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-29-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download
memory/2004-0-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-50-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-15-0x00007FFE4E560000-0x00007FFE4E570000-memory.dmp

Filesize
64KB

Download
memory/2004-52-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-51-0x00007FFE50670000-0x00007FFE50680000-memory.dmp

Filesize
64KB

Download
memory/2004-54-0x00007FFE905F0000-0x00007FFE907E5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads