Analysis
- max time kernel: 139s
- max time network: 132s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 12-03-2021 10:07
Static task
static1

Behavioral task
behavioral1
- Sample: documenti 03.21.doc
- Resource: win7v20201028
- 0 signatures
- 0 seconds

Behavioral task
behavioral2
- Sample: documenti 03.21.doc
- Resource: win10v20201028
- 0 signatures
- 0 seconds
General
- Target: documenti 03.21.doc
- Size: 76KB
- MD5: ed2095f86caf3ad326e7fe4525ada361
- SHA1: 0b6773c537cc384531bde6c005b0b4a982556ab4
- SHA256: ee1de698f92e76aa39edb050d910876a940bf8976aa15c8cad50600c644cbe6a
- SHA512: 375da8917f2793e961d2473fe1351c8b47341eaf7a0e544b0b0d09a77bec59de135d9b314bb1dc2262bb9a79056fd46707b40aa5cea8a0727d2ef7d30f19774f

Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
WINWORD.EXEdescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
WINWORD.EXEdescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
WINWORD.EXEpid process 648 WINWORD.EXE 648 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 17 IoCs
Processes:
WINWORD.EXEpid process 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE 648 WINWORD.EXE
Processes
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\documenti 03.21.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/648-2-0x00007FF9C3DC0000-0x00007FF9C3DD0000-memory.dmp
  Filesize: 64KB
- memory/648-3-0x00007FF9C3DC0000-0x00007FF9C3DD0000-memory.dmp
  Filesize: 64KB
- memory/648-4-0x00007FF9C3DC0000-0x00007FF9C3DD0000-memory.dmp
  Filesize: 64KB
- memory/648-5-0x0000023885720000-0x0000023885D57000-memory.dmp
  Filesize: 6.2MB
- memory/648-6-0x00007FF9C3DC0000-0x00007FF9C3DD0000-memory.dmp
  Filesize: 64KB
- memory/648-7-0x0000023894BF0000-0x0000023894BF4000-memory.dmp
  Filesize: 16KB