Analysis
-
max time kernel
138s -
max time network
123s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
04-03-2021 17:47
General
-
Target
SecuriteInfo.com.Exploit.RTF-ObfsStrm.Gen.675.18581.rtf
-
Size
267KB
-
MD5
174339ee0b1d50af956d16c7608a787e
-
SHA1
70f7dda70f239b16afcd1e7818075237c53abbc5
-
SHA256
9e9f12d14bd6918e39116f6a1c8017ecf3cd93a37c760b67175c0332d429526e
-
SHA512
f7a7c1ff8cb032582f8695cb927e1429d8b355547b67a96dfb8834fd43e8891bd6a660c70935c910ba0ee2cb1f20a8d83bc42aab04db310b85fbadab8897527a
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.RTF-ObfsStrm.Gen.675.18581.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1456-2-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-3-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-4-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-5-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-6-0x00007FFB52C70000-0x00007FFB532A7000-memory.dmpFilesize
6.2MB