Analysis
-
max time kernel
135s -
max time network
133s -
platform
windows10_x64 -
resource
win10 -
submitted
15/07/2020, 08:25
General
-
Target
commerce _07.20.doc
-
Size
114KB
-
MD5
a4cdab76891c04a803cfdf14c1078d8d
-
SHA1
687b0c5157d3da0ed471557cd387abd1a80d3124
-
SHA256
f68bb42ce6d65902275468d5589521805e76a06b724824eb72c6bc1754359d9e
-
SHA512
1d660a4aa4e97b5998378a680ebcd382f44671d75986e781ab74e999030f7412184501c8cb40b56d76e0d945f81b118c67d1a0662d56bbb84cf75975c1b9d28c
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Suspicious use of WriteProcessMemory 5 IoCs
-
Loads dropped DLL 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\commerce _07.20.doc" /o ""1⤵
- Suspicious use of WriteProcessMemory
- Enumerates system info in registry
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\SYSTEM32\regsvr32.exeregsvr32 qg.tmp2⤵
- Process spawned unexpected child process
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exeqg.tmp3⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-