Overview

overview

8

Static

static

QP-0766.doc

windows7_x64

8

QP-0766.doc

windows10_x64

1

Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-01-2021 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QP-0766.doc

  • Size

    378KB

  • MD5

    db52599ab7157eb54ca999a083e49a15

  • SHA1

    807fbb4754dd034b043037d9865247ab89231c25

  • SHA256

    c3a874c2f52b78045ba9c87df670ede1f77a95962e8da430adeaa3c52ff08b9a

  • SHA512

    d38700c72a3f02de75876c5e21350682785679114f5294c34a2f131423db2bab51a85ba7e2661fad09de82a07c27a3e15b8dfbd578c9b621396ca85e09058710

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\QP-0766.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:504

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/504-2-0x00007FFC9E540000-0x00007FFC9EB77000-memory.dmp

    Filesize

    6.2MB

    Download