Analysis
- max time kernel: 138s
- max time network: 134s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 26-02-2021 06:39
Static task: static1
Behavioral task: behavioral1
- Sample: dogovor.doc
- Resource: win7v20201028 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: dogovor.doc
- Resource: win10v20201028 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: dogovor.doc
- Size: 8KB
- MD5: 372c2759cee22609b6b848e74eacdbc9
- SHA1: e4e20687e2f8a8954bb11d4cdb40ce99dcb44b4d
- SHA256: 85c83d12212145e186408c1910dbc95a301a13a70e37a7a32b3e14c48c8b832b
- SHA512: ca89e1ba5109b365355a9be780d5088c68b245974ab66033ee8b964a45a711430e99f8f4f167b555e52ebb8733b54d921b18f3736d052a55be353bc4c9009aa2
- Score: 1/10
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
  pid | process
  504 | WINWORD.EXE
  504 | WINWORD.EXE
- Suspicious use of SetWindowsHookEx (7 IoCs)
  Processes: WINWORD.EXE
  pid | process
  504 | WINWORD.EXE (7 occurrences)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\dogovor.doc" /o ""
  PID: 504
  Signatures:
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/504-2-0x00007FF7DFCE0000-0x00007FF7DFCF0000-memory.dmp (Filesize: 64KB)
- memory/504-3-0x00007FF7DFCE0000-0x00007FF7DFCF0000-memory.dmp (Filesize: 64KB)
- memory/504-4-0x00007FF7DFCE0000-0x00007FF7DFCF0000-memory.dmp (Filesize: 64KB)
- memory/504-5-0x00007FF7DFCE0000-0x00007FF7DFCF0000-memory.dmp (Filesize: 64KB)
- memory/504-6-0x00007FF800580000-0x00007FF800BB7000-memory.dmp (Filesize: 6.2MB)