Analysis
-
max time kernel
60s -
max time network
15s -
platform
windows10_x64 -
resource
win10 -
submitted
17-07-2020 17:21
Static task
static1
Behavioral task
behavioral1
Sample
0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9.doc
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9.doc
-
Size
196KB
-
MD5
572b8881e0c46128b605daeb589e7a73
-
SHA1
a67f7ec183d0d5fbe07f95ec011379ff3633ae81
-
SHA256
0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9
-
SHA512
9972ed43084f887d14c6512bc47430a7ef048596c227b70cb85bec8932cc9470d3bf64ebf74a51714ef30ced4c9b3397e0803c21cdee03751f5b8e4a51c49de3
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 10 IoCs
Processes:
WINWORD.EXEpid process 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE 2008 WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 2008 WINWORD.EXE 2008 WINWORD.EXE -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9.doc" /o ""1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry
PID:2008