Analysis
- max time kernel: 135s
- max time network: 133s
- platform: windows10_x64
- resource: win10
- submitted: 11-07-2020 07:23
Static task: static1
Behavioral task: behavioral1
- Sample: certificato-07.08.20.doc
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: certificato-07.08.20.doc
- Resource: win10 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: certificato-07.08.20.doc
- Size: 134KB
- MD5: 0a1f37db056ff83c5161a2604fc0f978
- SHA1: 9ff7afd9002eafe4c409dfaadde932fb5400666f
- SHA256: 340997943546e3a333e84ca3764f721b48218557389534beebe4a2ab13b968d4
- SHA512: a0c2d9aeb70660964d0bf8c01a25cf3f5c4d1012270663403ad54029b064000b5afdb989f2f3be2f00673f5384fcadd31716dc405dd7f3295523576ce0563217
Score: 1/10
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (19 IoCs)
  Processes: WINWORD.EXE (pid 344)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE (pid 344)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
    Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
    Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\certificato-07.08.20.doc" /o ""
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Enumerates system info in registry
- Checks processor information in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads