Overview

overview

10

Static

static

nix4e_com_ursnif.doc

windows7_x64

10

nix4e_com_ursnif.doc

windows10_x64

1

Analysis

  • max time kernel
    135s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09/07/2020, 15:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    nix4e_com_ursnif.doc

  • Size

    132KB

  • MD5

    80cfa4babf4a24cdd752ea920b409adc

  • SHA1

    90669c6e3c86881facbb3ad6d44d7509b08116fb

  • SHA256

    fed5b5e20c6b7704573865320c3ba2d3e41844747ec4cf21cece347997b7a10e

  • SHA512

    2fbb2068519cf5425013ecb21e0c0741b195f8159ac97aa960835f1b9ebe78b3b9970322c33424e701ed4d5516eb345a2b868d20531f58a27ce484d99e0973c1

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\nix4e_com_ursnif.doc" /o ""
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Enumerates system info in registry
    • Checks processor information in registry
    PID:3588

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/3588-0-0x000002D660213000-0x000002D660218000-memory.dmp

          Filesize

          20KB

          Download

        • memory/3588-1-0x000002D660213000-0x000002D660218000-memory.dmp

          Filesize

          20KB

          Download

        • memory/3588-2-0x000002D660213000-0x000002D660218000-memory.dmp

          Filesize

          20KB

          Download

        • memory/3588-3-0x000002D660271000-0x000002D660273000-memory.dmp

          Filesize

          8KB

          Download

        • memory/3588-4-0x000002D660273000-0x000002D660278000-memory.dmp

          Filesize

          20KB

          Download