Analysis
max time kernel: 141s
max time network: 144s
platform: windows10_x64
resource: win10v20201028
submitted: 12-03-2021 10:04
Static task: static1
Behavioral task: behavioral1
Sample: docs.03.11.2021.doc
Resource: win7v20201028
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: docs.03.11.2021.doc
Resource: win10v20201028
0 signatures
0 seconds
General
Target: docs.03.11.2021.doc
Size: 75KB
MD5: 12d62888e14432cd9c6e09e13ede91c8
SHA1: 78086c8357c3bb40d2771a9da512e9d055497405
SHA256: b6d6fe71516b8844c38b2f1c6c5081e7a016b0898bb6fa0c943da6403bfb68ba
SHA512: e609d0c6242b3574ff4bf43bcb82127898bd99576cbc53b38de9a196314d342e860220ff2a48c4acf30e98a29cfeb0e0025ac60b0e56b67c05805a12e2059ea3
Score: 1/10
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: WINWORD.EXE
description | ioc | process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes: WINWORD.EXE
pid | process
1048 | WINWORD.EXE
1048 | WINWORD.EXE

Suspicious use of SetWindowsHookEx (17 IoCs)
Processes: WINWORD.EXE
pid | process
1048 | WINWORD.EXE (identical entry repeated for each IoC)
Processes
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\docs.03.11.2021.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1048-2-0x00007FFA46D50000-0x00007FFA46D60000-memory.dmp | Filesize: 64KB
memory/1048-3-0x00007FFA46D50000-0x00007FFA46D60000-memory.dmp | Filesize: 64KB
memory/1048-4-0x00007FFA46D50000-0x00007FFA46D60000-memory.dmp | Filesize: 64KB
memory/1048-5-0x00007FFA46D50000-0x00007FFA46D60000-memory.dmp | Filesize: 64KB
memory/1048-6-0x000001D8602C0000-0x000001D8608F7000-memory.dmp | Filesize: 6.2MB
memory/1048-7-0x000001D86F8C0000-0x000001D86F8C4000-memory.dmp | Filesize: 16KB
memory/1048-8-0x00007FFA5F550000-0x00007FFA5FEF0000-memory.dmp | Filesize: 9.6MB