Resubmissions
21-02-2021 18:06
210221-8wax7qzvqx 821-02-2021 18:00
210221-vjzsylyfz2 821-02-2021 17:56
210221-ae84tv1r2n 810-02-2021 15:47
210210-9b99yvj8es 810-02-2021 14:59
210210-9m2qxt96q6 810-02-2021 14:53
210210-kg5v21dqj6 810-02-2021 14:51
210210-z793ybymhe 810-02-2021 14:49
210210-vejqem8yk2 810-02-2021 14:45
210210-4vmkq6d3bx 810-02-2021 14:12
210210-h2rcklwkns 8Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-02-2021 18:06
Behavioral task
behavioral1
Sample
IAHRA.doc
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
IAHRA.doc
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
IAHRA.doc
-
Size
90KB
-
MD5
026e53d4cabe762ed84fafdd6243483d
-
SHA1
e9f07fd33d7dd014015d018f9d7abe0fb489bb95
-
SHA256
dd223178e1a516f428a2bcfa790a49eb437651d648fee4d7441dc106cf04df3a
-
SHA512
0025ebcf6705effde6b20af658cd441aca51cf9c438ba56909de5ca5bb99f1cee561cde0f16003380dfa4058511c68c65fbaafb805ff147728eebe4fc09a98ba
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 3084 WINWORD.EXE 3084 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 22 IoCs
Processes:
WINWORD.EXEpid process 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE 3084 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\IAHRA.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3084