Analysis

  • max time kernel
    137s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    10-07-2020 08:56

General

  • Target

    FedEx_s Courier AWB_ 8455674 .doc

  • Size

    1.6MB

  • MD5

    5d0e5f500d80ea023fc2e117e69f9a4f

  • SHA1

    7ef08736f41aad919edb771e74e28df5b673825b

  • SHA256

    5fbc3560a1bd21904d0246851b7a016c8ac666ab1ac31b34245d6a4bce5670f3

  • SHA512

    cf951ffd68af0e179cb48b2a2a5d451c74629beab2efd71fcbfea3ff0d70ec178660b19568549c39557600bca4bc93b419345890f9e252f5d720b03326158210

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\FedEx_s Courier AWB_ 8455674 .doc" /o ""
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:652

Network

MITRE ATT&CK Enterprise v6
