Analysis
-
max time kernel
137s -
max time network
137s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
10-07-2020 08:56
Static task
static1
Behavioral task
behavioral1
Sample
FedEx_s Courier AWB_ 8455674 .doc
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
FedEx_s Courier AWB_ 8455674 .doc
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
FedEx_s Courier AWB_ 8455674 .doc
-
Size
1.6MB
-
MD5
5d0e5f500d80ea023fc2e117e69f9a4f
-
SHA1
7ef08736f41aad919edb771e74e28df5b673825b
-
SHA256
5fbc3560a1bd21904d0246851b7a016c8ac666ab1ac31b34245d6a4bce5670f3
-
SHA512
cf951ffd68af0e179cb48b2a2a5d451c74629beab2efd71fcbfea3ff0d70ec178660b19568549c39557600bca4bc93b419345890f9e252f5d720b03326158210
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 10 IoCs
Processes:
WINWORD.EXEpid process 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE 652 WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 652 WINWORD.EXE 652 WINWORD.EXE -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\FedEx_s Courier AWB_ 8455674 .doc" /o ""1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry
PID:652