Analysis
-
max time kernel
137s -
max time network
132s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
13-01-2021 08:09
General
-
Target
mal.doc
-
Size
63KB
-
MD5
7b5f1c01980faf7801f16a761cb8d377
-
SHA1
ee47206c87482de1915b1e441a23a5b3473697e3
-
SHA256
3c59ad7c4426e8396369f084c35a2bd3f0caa3ba1d1a91794153507210a77c90
-
SHA512
26172fb0bbe1b3fc46fedd7a50eeba589134bb9feeb503271c52eec9ec973131b0cfd0a343232dd9f72552fe48dcd70244be416f80237cf9e5773766355e412a
Score
10/10
Malware Config
Signatures
-
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 1 IoCs
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\mal.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\notepad.exeC:\Windows\SysWOW64\notepad.exe2⤵
- Process spawned unexpected child process
- Checks BIOS information in registry
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.2MB
-
-
Filesize
4KB