Analysis
- max time kernel: 138s
- max time network: 130s
- platform: windows10_x64
- resource: win10v200430
- submitted: 12-07-2020 13:10
Static task: static1
Behavioral task: behavioral1
- Sample: 12.07.rtf
- Resource: win7
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 12.07.rtf
- Resource: win10v200430
- 0 signatures
- 0 seconds
General
- Target: 12.07.rtf
- Size: 653KB
- MD5: 333d571e448686dd17da1d47546e4aab
- SHA1: 03ddb8e0550dd9e5e01b8560a199ab344b55d744
- SHA256: 5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c
- SHA512: 16f0a5242fc2ab83fc96e0ef1a04cd385753cdf0b0c668495226b43a77135f1ec113e537acf7413a750e0196b7dedec071449a4eaae2222f6f852f57f9431fd3
Score: 1/10
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (10 IoCs)
  Processes: WINWORD.EXE
  pid | process
  3944 | WINWORD.EXE (listed 10 times)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
  pid | process
  3944 | WINWORD.EXE (listed 2 times)
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\12.07.rtf" /o ""
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: AddClipboardFormatListener
  - Checks processor information in registry
  - Enumerates system info in registry