Analysis

  • max time kernel
    135s
  • max time network
    131s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    17/07/2020, 20:10

General

  • Target

    invoice_3871.doc

  • Size

    191KB

  • MD5

    de70b94045d8c7015fc4cd6c4a422550

  • SHA1

    dc0d255aacc4483a1f4c57d6431126add3c4cf34

  • SHA256

    1a9f759bb9bd81dec9e2703f6969d9e4f7698200c8a5589e6c22bda4cbafa086

  • SHA512

    97a4edd9fd870cf4b7957f60eb149ce0fecca5e3b17906961b8d8552204aa618bd07c6bd77fac5708b2dfe9495209f389b2835d1f34064296408b0a346c2c257

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\invoice_3871.doc" /o ""
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:3100

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • memory/3100-0-0x000001358D420000-0x000001358D425000-memory.dmp

          Filesize

          20KB

        • memory/3100-1-0x000001358D420000-0x000001358D425000-memory.dmp

          Filesize

          20KB

        • memory/3100-2-0x000001358D6B7000-0x000001358D6BC000-memory.dmp

          Filesize

          20KB