aa2f7980511024dbcb007e29eb7b10c374d87b1f6f4a6a35f4bdf4ea803fb008

Analysis

max time kernel
109s
max time network
138s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2025, 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CurrentlyCabinets/Creatures.xlm
Size

50KB
MD5

9c2d81e57f3b2e7076a73507a7262e48
SHA1

0c24dea7c43ba758fd4da63cd247e9827af7263e
SHA256

0760bc5546ec8ddb228b9baab15c594bfe112407745d3f87fb7e4545cb0886b4
SHA512

394904990cb08766a5f30488fc68fe52f6a0d5bacd53ba4379d01f71d0ff175da696cb5ef6108851c07b9d6531b2136d5f5a7282bef6075b4cc0260bd9786197
SSDEEP

768:886n3TrZSdqFub9bv26KHovYhb0FG5qlTC7Ut778lvv8JvVTXDR6RCcqpdv8ifDo:88OTNDuZbe/6rZl+Yd28CgHD7o

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3828	EXCEL.EXE

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE
3828	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\CurrentlyCabinets\Creatures.xlm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3828

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9J9RSV3VPAYXYAF267UN.temp

Filesize
2KB

MD5
522dadf1cc8c0b2514a98375c7587be9

SHA1
c750c653b04f522e2ee84b4c08648ac96306a0a0

SHA256
2b9db3fe2371fdf00e9a212074d275cb43033ade19d631d3732c462835521f75

SHA512
278967693c62e1373a8361b18823aa7580136674e64da38c96eff1cd06447d063447fbaab4eae7e82aea588f238b18805b7adfb7b9a0317c7b4ab7c4ccc66286

Download Submit
memory/3828-21-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-10-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-12-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-14-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-15-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-13-0x00007FFA6BB90000-0x00007FFA6BBA0000-memory.dmp

Filesize
64KB

Download
memory/3828-11-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-16-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-18-0x00007FFA6BB90000-0x00007FFA6BBA0000-memory.dmp

Filesize
64KB

Download
memory/3828-19-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-17-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-20-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-9-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-22-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-24-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-25-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-1-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-23-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-34-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-6-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-5-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-4-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-3-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-2-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-0-0x00007FFAAE683000-0x00007FFAAE684000-memory.dmp

Filesize
4KB

Download
memory/3828-32-0x00007FFAAE683000-0x00007FFAAE684000-memory.dmp

Filesize
4KB

Download
memory/3828-33-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-35-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-8-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-39-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-7-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download
memory/3828-60-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-61-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-63-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-62-0x00007FFA6E670000-0x00007FFA6E680000-memory.dmp

Filesize
64KB

Download
memory/3828-64-0x00007FFAAE5E0000-0x00007FFAAE7E9000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads