Analysis
-
max time kernel
139s
-
max time network
132s
-
platform
windows10_x64
-
resource
win10v20201028
-
submitted
02-03-2021 09:24
Static task
static1
Behavioral task
behavioral1
Sample
interessat_792258.doc
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
interessat_792258.doc
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
interessat_792258.doc
-
Size
211KB
-
MD5
817a8de3792782a6a848d2c9e9ccb987
-
SHA1
4c5cd45dc9d6ae543f0cd6e26252ceadda83611f
-
SHA256
112b81749cfa5144facbbb739869ffc4679f9f7b41ad76965dcd478081f7a5e9
-
SHA512
08eeead41bae9ec76d28ff07e395d4b850b80aa3cd31163e5ba59bedf01697db11c9eccb9a4518f68c9b51f84b1fe4adaf4114a4e13dc4dc7ade6204579082ab
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXE
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXE
pid | process
1052 | WINWORD.EXE
1052 | WINWORD.EXE
-
Suspicious use of SetWindowsHookEx 17 IoCs
Processes:
WINWORD.EXEpid process 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE 1052 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\interessat_792258.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
memory/1052-2-0x00007FFE80C20000-0x00007FFE80C30000-memory.dmp
Filesize
64KB
-
memory/1052-3-0x00007FFE80C20000-0x00007FFE80C30000-memory.dmp
Filesize
64KB
-
memory/1052-4-0x00007FFE80C20000-0x00007FFE80C30000-memory.dmp
Filesize
64KB
-
memory/1052-5-0x00007FFE80C20000-0x00007FFE80C30000-memory.dmp
Filesize
64KB
-
memory/1052-6-0x00000268A14C0000-0x00000268A1AF7000-memory.dmp
Filesize
6.2MB
-
memory/1052-7-0x00000268AECD0000-0x00000268AECD4000-memory.dmp
Filesize
16KB