Analysis
- max time kernel: 135s
- max time network: 132s
- platform: windows10_x64
- resource: win10
- submitted: 11-07-2020 07:25
Static task
static1
Behavioral task
behavioral1
Sample
richiedere.07.20.doc
Resource
win7
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
richiedere.07.20.doc
Resource
win10
0 signatures
0 seconds
General
-
Target
richiedere.07.20.doc
-
Size
134KB
-
MD5
2a3becf45cb2beab4516efe3e2ab2c74
-
SHA1
034531bbf31899b2c44a2887a64b013396cd8e0d
-
SHA256
c4b476186a7d27189e16f2c25a20d47c84da5e08fe7994014cbbad879c53dbfd
-
SHA512
02a843000356e760523fee53320ac93c545d39cd34e9791acbf0759e6d55ec511d4c3d299f4a6b5770b47ba737b691cc5af5b496ed05c517b047c2cf668c5546
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
pid | process
792 | WINWORD.EXE
792 | WINWORD.EXE
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 19 IoCs
Processes:
WINWORD.EXE
pid | process
792 | WINWORD.EXE (identical row repeated once per IoC)
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\richiedere.07.20.doc" /o ""
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/792-0-0x00000151ED046000-0x00000151ED06E000-memory.dmp
Filesize: 160KB
-
memory/792-1-0x00000151ED06E000-0x00000151ED073000-memory.dmp
Filesize: 20KB
-
memory/792-2-0x00000151ED0AB000-0x00000151ED0B0000-memory.dmp
Filesize: 20KB
-
memory/792-3-0x00000151ED06E000-0x00000151ED073000-memory.dmp
Filesize: 20KB
-
memory/792-4-0x00000151ED0A4000-0x00000151ED0A9000-memory.dmp
Filesize: 20KB
-
memory/792-5-0x00000151ED0A9000-0x00000151ED0AB000-memory.dmp
Filesize: 8KB