Resubmissions
21-02-2021 18:06
210221-8wax7qzvqx 821-02-2021 18:00
210221-vjzsylyfz2 821-02-2021 17:56
210221-ae84tv1r2n 810-02-2021 15:47
210210-9b99yvj8es 810-02-2021 14:59
210210-9m2qxt96q6 810-02-2021 14:53
210210-kg5v21dqj6 810-02-2021 14:51
210210-z793ybymhe 810-02-2021 14:49
210210-vejqem8yk2 810-02-2021 14:45
210210-4vmkq6d3bx 810-02-2021 14:12
210210-h2rcklwkns 8Analysis
-
max time kernel
144s -
max time network
124s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
21-02-2021 18:06
General
-
Target
IAHRA.doc
-
Size
90KB
-
MD5
026e53d4cabe762ed84fafdd6243483d
-
SHA1
e9f07fd33d7dd014015d018f9d7abe0fb489bb95
-
SHA256
dd223178e1a516f428a2bcfa790a49eb437651d648fee4d7441dc106cf04df3a
-
SHA512
0025ebcf6705effde6b20af658cd441aca51cf9c438ba56909de5ca5bb99f1cee561cde0f16003380dfa4058511c68c65fbaafb805ff147728eebe4fc09a98ba
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of SetWindowsHookEx 22 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\IAHRA.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3084-2-0x00007FF8731B0000-0x00007FF8731C0000-memory.dmpFilesize
64KB
-
memory/3084-3-0x00007FF8731B0000-0x00007FF8731C0000-memory.dmpFilesize
64KB
-
memory/3084-4-0x00007FF8731B0000-0x00007FF8731C0000-memory.dmpFilesize
64KB
-
memory/3084-5-0x00007FF8731B0000-0x00007FF8731C0000-memory.dmpFilesize
64KB
-
memory/3084-6-0x000001BEB0420000-0x000001BEB0A57000-memory.dmpFilesize
6.2MB