Analysis
-
max time kernel
138s -
max time network
133s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
09-07-2020 09:29
General
-
Target
documenti_07.20.doc
-
Size
147KB
-
MD5
3f4c57007a3d58bb89067c4a0864b2bd
-
SHA1
0b17e8eb16e77703d19a06cbcf835881de0ae48c
-
SHA256
b8f073052b8bf06d12ff4cf8182bf75c91248ef19f906ca6213e8cb4cd46ca00
-
SHA512
4abd436d78fbad2f981f66a475674d671cd59361665c571bf1b6a260658344197d019569bb37b6aabfaadfd42ef3a42ff24e2e8083680e153c78727e2005e90c
Score
10/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\documenti_07.20.doc" /o ""1⤵
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" U.tmp2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
204KB
-
Filesize
204KB