Analysis

  • max time kernel
    138s
  • max time network
    130s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    12-07-2020 13:10

General

  • Target

    12.07.rtf

  • Size

    653KB

  • MD5

    333d571e448686dd17da1d47546e4aab

  • SHA1

    03ddb8e0550dd9e5e01b8560a199ab344b55d744

  • SHA256

    5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c

  • SHA512

    16f0a5242fc2ab83fc96e0ef1a04cd385753cdf0b0c668495226b43a77135f1ec113e537acf7413a750e0196b7dedec071449a4eaae2222f6f852f57f9431fd3

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\12.07.rtf" /o ""
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:3944

Network

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry
    T1012
    2
  • System Information Discovery
    T1082
    2
