Overview

overview

4

Static

static

poste me.docx

windows7_x64

4

poste me.docx

windows10_x64

1

Analysis

  • max time kernel
    135s
  • max time network
    129s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    20-11-2020 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    poste me.docx

  • Size

    234KB

  • MD5

    a52f50ea65ed44d306023f600f4632ab

  • SHA1

    4546852d349aee3008aa8585f3bbe9c341a26d89

  • SHA256

    51d630d812b5192e12e69f5bd4334cf1ed840ce8c659e403e30790d16ff86497

  • SHA512

    942b4839ffcf40555834766a21f53839f2e78dbb6aa82b6d7c84356a813ed0922ed9466e5c968c49ad205a94a25c73398c9ddebfafc732b4fb5f41d17e53c1e4

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\poste me.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1160

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1160-0-0x000001E94E810000-0x000001E94EE47000-memory.dmp
    Filesize

    6.2MB

    Download