Analysis
-
max time kernel
135s -
max time network
131s -
platform
windows10_x64 -
resource
win10 -
submitted
01-08-2020 19:37
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.Siggen2.12178.18639.4466.doc
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.Siggen2.12178.18639.4466.doc
Resource
win10
windows10_x64
0 signatures
0 seconds
General
-
Target
SecuriteInfo.com.Exploit.Siggen2.12178.18639.4466.doc
-
Size
174KB
-
MD5
d9115c6d9e1318028e66ea6d87a71ae1
-
SHA1
0d3822ca70938c790bd191c1b4a18dda93199a28
-
SHA256
daa02c094f479a12e59e5f5bdc4a4dfe14f22d92f78453d27382132b41bab40b
-
SHA512
12e4e493b4e748890018d34bbe42fd933b9ea06b7a1ae07ab96cc59e8754c658e6003fdba47404a8c8892947b5c851d1e650f496e04cc4f12fda3a5e4e57f9ec
Score
1/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 9 IoCs
Processes:
WINWORD.EXEpid process 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE 3808 WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 3808 WINWORD.EXE 3808 WINWORD.EXE -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.Siggen2.12178.18639.4466.doc" /o ""1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: AddClipboardFormatListener
- Checks processor information in registry
- Enumerates system info in registry