Analysis
-
max time kernel
138s -
max time network
123s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
04-03-2021 17:47
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Exploit.RTF-ObfsStrm.Gen.675.18581.rtf
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Exploit.RTF-ObfsStrm.Gen.675.18581.rtf
Resource
win10v20201028
General
-
Target
SecuriteInfo.com.Exploit.RTF-ObfsStrm.Gen.675.18581.rtf
-
Size
267KB
-
MD5
174339ee0b1d50af956d16c7608a787e
-
SHA1
70f7dda70f239b16afcd1e7818075237c53abbc5
-
SHA256
9e9f12d14bd6918e39116f6a1c8017ecf3cd93a37c760b67175c0332d429526e
-
SHA512
f7a7c1ff8cb032582f8695cb927e1429d8b355547b67a96dfb8834fd43e8891bd6a660c70935c910ba0ee2cb1f20a8d83bc42aab04db310b85fbadab8897527a
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 1456 WINWORD.EXE 1456 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 8 IoCs
Processes:
WINWORD.EXEpid process 1456 WINWORD.EXE 1456 WINWORD.EXE 1456 WINWORD.EXE 1456 WINWORD.EXE 1456 WINWORD.EXE 1456 WINWORD.EXE 1456 WINWORD.EXE 1456 WINWORD.EXE
Processes
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Exploit.RTF-ObfsStrm.Gen.675.18581.rtf" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1456-2-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-3-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-4-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-5-0x00007FFB33400000-0x00007FFB33410000-memory.dmpFilesize
64KB
-
memory/1456-6-0x00007FFB52C70000-0x00007FFB532A7000-memory.dmpFilesize
6.2MB