Analysis
max time kernel: 137s
max time network: 131s
platform: windows10_x64
resource: win10v20201028
submitted: 02-03-2021 09:24
Static task: static1
Behavioral task: behavioral1
Sample: notif_4845296.doc
Resource: win7v20201028
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: notif_4845296.doc
Resource: win10v20201028
0 signatures
0 seconds
General
Target: notif_4845296.doc
Size: 210KB
MD5: 00ba6e1a5db1dc3b41730b0bf4d1b976
SHA1: 37ff594d26d4467497f059c7a1b77ebcc6bf70ad
SHA256: 0a164c9e8b705a10cf699dd3a67ebc2698f4487968215f8c9826247245a3a6e7
SHA512: 1fe00002b1190033ee9bb6bfac665669e9583a4243f28fbc7ce9e2fc57629a9146bf56ae4def8591bc550e998ac1479078fc32731fcd75545c2b1ae4c2834f49
Score: 1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 3116 WINWORD.EXE 3116 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 17 IoCs
Processes:
WINWORD.EXEpid process 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE 3116 WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\notif_4845296.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/3116-2-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp    Filesize: 64KB
memory/3116-3-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp    Filesize: 64KB
memory/3116-4-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp    Filesize: 64KB
memory/3116-6-0x00007FF7FC7D0000-0x00007FF7FC7E0000-memory.dmp    Filesize: 64KB
memory/3116-5-0x000002BD232B0000-0x000002BD238E7000-memory.dmp    Filesize: 6.2MB
memory/3116-7-0x000002BD309A0000-0x000002BD309A4000-memory.dmp    Filesize: 16KB