Overview

overview

10

Static

static

document_v...oc.rtf

windows7_x64

10

document_v...oc.rtf

windows10_x64

5

Analysis

  • max time kernel
    73s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    25-01-2021 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    document_v152120.doc.rtf

  • Size

    12KB

  • MD5

    3c9b171aa4191384845ffc13021f3a7f

  • SHA1

    0acd262c9aad61b328b4d37a3460ba41630ef3a0

  • SHA256

    140ee2b8d6fba55259d70bab833fbae1924c7426bb8ddc79aaa5088435281872

  • SHA512

    62bd151a6e9520133a6e1257f06ebe8bfcd0da71f7665a402b9d136c48c561f3b17eaae462cc709845c503de89d208d735caacb7e5df234ad2397900d7de89cc

Score
5/10
ransomware

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    ransomware
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\document_v152120.doc.rtf" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:3116

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3116-2-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-3-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-4-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-5-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-6-0x00007FF81BCB0000-0x00007FF81C2E7000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/3116-7-0x00007FF81D830000-0x00007FF820353000-memory.dmp

    Filesize

    43.1MB

    Download

  • memory/3116-8-0x00007FF81D830000-0x00007FF820353000-memory.dmp

    Filesize

    43.1MB

    Download

  • memory/3116-9-0x00007FF81D830000-0x00007FF820353000-memory.dmp

    Filesize

    43.1MB

    Download

  • memory/3116-10-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-11-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-12-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3116-13-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp

    Filesize

    64KB

    Download