Analysis
- max time kernel: 135s
- max time network: 119s
- platform: windows10_x64
- resource: win10
- submitted: 01-08-2020 19:37
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429.doc
- Resource: win7
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429.doc
- Resource: win10
General
- Target: SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429.doc
- Size: 170KB
- MD5: 2fb02ab60274d396a7c01d5917ff21ec
- SHA1: cc78cb81517d7b18434964dd029efb6e06857e96
- SHA256: e547fe2a6107ee0731916d3a03179c18b54bf227ea86eed3cadf25fd0df77901
- SHA512: f00a3c380c7e23d546aee05f528aae402c0102de1988da4436616be7cd0ed1ba3e499b78c77dbfe628d544aa45c6426775d8442ca4816dcafdda52b2cf03030a
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (9 IoCs)
  Processes: WINWORD.EXE
    pid 3820, process WINWORD.EXE (listed 9 times)
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
    pid 3820, process WINWORD.EXE (listed 2 times)
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
    Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (process: WINWORD.EXE)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: WINWORD.EXE)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (process: WINWORD.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: WINWORD.EXE)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: WINWORD.EXE)
    Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (process: WINWORD.EXE)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.Siggen2.12288.27237.7429.doc" /o ""
  - Suspicious use of SetWindowsHookEx
  - Suspicious behavior: AddClipboardFormatListener
  - Checks processor information in registry
  - Enumerates system info in registry
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/3820-0-0x0000020F12749000-0x0000020F1274E000-memory.dmp (Filesize: 20KB)
- memory/3820-1-0x0000020F12991000-0x0000020F12996000-memory.dmp (Filesize: 20KB)
- memory/3820-2-0x0000020F12749000-0x0000020F1274E000-memory.dmp (Filesize: 20KB)
- memory/3820-3-0x0000020F12991000-0x0000020F12996000-memory.dmp (Filesize: 20KB)
- memory/3820-4-0x0000020F1298F000-0x0000020F12991000-memory.dmp (Filesize: 8KB)
- memory/3820-5-0x0000020F12991000-0x0000020F12996000-memory.dmp (Filesize: 20KB)