Analysis
-
max time kernel
140s -
max time network
139s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
09-07-2020 15:06
General
-
Target
ioyyf_com_ursnif.doc
-
Size
147KB
-
MD5
5565bd451356b4002215d2b842b13954
-
SHA1
162b25a6c67f15e4a0907bffc87bdffdb7c57b4c
-
SHA256
0bf4952eb4a7081a910bf9d122b6ff8fcffccd5d39578e57c98b5b3a16f81816
-
SHA512
9aaf88786ca24828d7f9431d72e4a51ff846163a32f1cae78746a4b60daccf183a2b5272d26c3c6e65bd5366c264bd7c7718861f7f5e8257e864b67d569b8975
Score
10/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ioyyf_com_ursnif.doc" /o ""1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" Nv.tmp2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
216KB
-
Filesize
20KB
-
Filesize
20KB
-