Analysis
-
max time kernel
136s -
max time network
132s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-01-2021 07:18
General
-
Target
Inquiry No TBD-6-5659.doc.rtf
-
Size
2.1MB
-
MD5
1487709f7e0bd31d246132df9e334e9c
-
SHA1
6f4250f4ffa15136852127b7d9dbfeabdd85d020
-
SHA256
49615f1281e974a6f58c4dea63673b24ae8b331a3801788244710a3a19194a7a
-
SHA512
aca6e69fe09e1c8446ffee3047fa3cefc3028ff203edf4d3b964f46b538cf83af5373e0a9e971b010ac568ebddb96e27769f927a0304e5e3d27e930a091fe462
Score
5/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Inquiry No TBD-6-5659.doc.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4092-2-0x00007FFFABD70000-0x00007FFFABD80000-memory.dmpFilesize
64KB
-
memory/4092-3-0x00007FFFABD70000-0x00007FFFABD80000-memory.dmpFilesize
64KB
-
memory/4092-4-0x00007FFFABD70000-0x00007FFFABD80000-memory.dmpFilesize
64KB
-
memory/4092-5-0x00007FFFCB4A0000-0x00007FFFCBAD7000-memory.dmpFilesize
6.2MB
-
memory/4092-6-0x00007FFFABD70000-0x00007FFFABD80000-memory.dmpFilesize
64KB