Analysis
-
max time kernel
140s -
max time network
137s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
11-07-2020 07:17
General
-
Target
ordine_07.08.20.doc
-
Size
147KB
-
MD5
fe0645535e48000792e5120eec45cf75
-
SHA1
ec407afabc52b5aa8a223da4b69acf5a26b1ad6a
-
SHA256
f1721df32789a9e1551010e0fc30caa050366f4c949c1f73fcf317e85e0ecb35
-
SHA512
78466f1255589cfa53c629365968bf89a925be26f3cbd924266e3fbb2a42d6bb5c601c6cee52d23322980fa621517f4c0e83394ebcf0780f7859d20127716c98
Score
10/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ordine_07.08.20.doc" /o ""1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" ww.tmp2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/564-2-0x0000000000000000-mapping.dmp
-
memory/1616-0-0x000001D26917D000-0x000001D2691EB000-memory.dmpFilesize
440KB
-
memory/1616-1-0x000001D26917D000-0x000001D2691EB000-memory.dmpFilesize
440KB