Overview

overview

8

Static

static

FedEx - AW...30.doc

windows7_x64

8

FedEx - AW...30.doc

windows10_x64

1

Analysis

  • max time kernel
    137s
  • max time network
    134s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FedEx - AWB 772584418730.doc

  • Size

    324KB

  • MD5

    362ee70db12c9aa925ce26484358ab39

  • SHA1

    47688feb71dcc0120304491902202e2732ae5593

  • SHA256

    ffa88c0e759ef6dae762063d5ba2da94cf0b11febaf47e41c9589a8a52beaff0

  • SHA512

    07a1c3531e04316a6689b75dfc840f63e8f25e0a825b86742ca668cd9f547ee12edd768121a81c49324695745d435dd2ca7067c8a2df9c5386ed1b1dda71b492

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\FedEx - AWB 772584418730.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:492

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/492-2-0x00007FF8FA9D0000-0x00007FF8FB007000-memory.dmp

    Filesize

    6.2MB

    Download