Analysis
-
max time kernel
141s -
max time network
147s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
11-07-2020 07:17
General
-
Target
file 07.08.2020.doc
-
Size
147KB
-
MD5
f87de9e54541c53de616b230852e0d28
-
SHA1
9cf0153c3a04a30c138ab649b8a8cb1286c8fd8a
-
SHA256
f9b682245ad0fe442e1bbe331f67b8c6a6241aac9fb2aa727b020a4f0a897ce2
-
SHA512
5652193e9c969fb3150a8e8c2291f8b964f83ef1e3868df579666273b3abb7f56264993ee259a59e866d38f663f158dc9bd1fc046b377abf8bd8b5fe098e99b5
Score
10/10
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\file 07.08.2020.doc" /o ""1⤵
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" ww.tmp2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2040-0-0x000001E69DBB1000-0x000001E69DBB6000-memory.dmpFilesize
20KB
-
memory/2040-1-0x000001E69DBB1000-0x000001E69DBB6000-memory.dmpFilesize
20KB
-
memory/3332-2-0x0000000000000000-mapping.dmp