Analysis
-
max time kernel
138s -
max time network
143s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
11-07-2020 07:16
General
-
Target
ordinare 07.08.2020.doc
-
Size
147KB
-
MD5
10cb72a11b08464287de4f6386aa1804
-
SHA1
79fd474a39128136b5d056c2e52d4d573d59a330
-
SHA256
d21916b27b5efdd803201119c97e5318019fff9715a428ec3ca7ded7c86e6e4c
-
SHA512
92febdea66347122623e346466367b23deda4c4947a590466ff6730154b2743cb1f237cf7cd4915af1e0ca0c993133cfc615c1b6c0224cd342e7e3d6b2776361
Score
10/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\ordinare 07.08.2020.doc" /o ""1⤵
- Suspicious use of WriteProcessMemory
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\System32\regsvr32.exe"C:\Windows\System32\regsvr32.exe" V0.tmp2⤵
- Process spawned unexpected child process
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1520-0-0x0000026EED4DC000-0x0000026EED4DD000-memory.dmpFilesize
4KB
-
memory/1520-1-0x0000026EED4DD000-0x0000026EED4E2000-memory.dmpFilesize
20KB
-
memory/1520-2-0x0000026EED4DD000-0x0000026EED4E2000-memory.dmpFilesize
20KB
-
memory/3888-3-0x0000000000000000-mapping.dmp