Analysis
-
max time kernel
135s -
max time network
125s -
platform
windows10_x64 -
resource
win10 -
submitted
09-07-2020 15:06
General
-
Target
nix4e_com_ursnif.doc
-
Size
132KB
-
MD5
80cfa4babf4a24cdd752ea920b409adc
-
SHA1
90669c6e3c86881facbb3ad6d44d7509b08116fb
-
SHA256
fed5b5e20c6b7704573865320c3ba2d3e41844747ec4cf21cece347997b7a10e
-
SHA512
2fbb2068519cf5425013ecb21e0c0741b195f8159ac97aa960835f1b9ebe78b3b9970322c33424e701ed4d5516eb345a2b868d20531f58a27ce484d99e0973c1
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\nix4e_com_ursnif.doc" /o ""1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Enumerates system info in registry
- Checks processor information in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3588-0-0x000002D660213000-0x000002D660218000-memory.dmpFilesize
20KB
-
memory/3588-1-0x000002D660213000-0x000002D660218000-memory.dmpFilesize
20KB
-
memory/3588-2-0x000002D660213000-0x000002D660218000-memory.dmpFilesize
20KB
-
memory/3588-3-0x000002D660271000-0x000002D660273000-memory.dmpFilesize
8KB
-
memory/3588-4-0x000002D660273000-0x000002D660278000-memory.dmpFilesize
20KB