Analysis
max time kernel: 139s
max time network: 137s
platform: windows10_x64
resource: win10v20201028
submitted: 12-03-2021 11:21
Static task: static1
Behavioral task: behavioral1
  Sample: 7c3ec42f9c9d58944e1f1184ca77a0dffc15269e6c5ffb74dc8f09736cdfe78b.doc
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 7c3ec42f9c9d58944e1f1184ca77a0dffc15269e6c5ffb74dc8f09736cdfe78b.doc
  Resource: win10v20201028
General
- Target: 7c3ec42f9c9d58944e1f1184ca77a0dffc15269e6c5ffb74dc8f09736cdfe78b.doc
- Size: 76KB
- MD5: 83a8c5c324eed728624fe1c9a50afe1c
- SHA1: 7c1eb292b812801102e59f6317f0907eaa77e136
- SHA256: 7c3ec42f9c9d58944e1f1184ca77a0dffc15269e6c5ffb74dc8f09736cdfe78b
- SHA512: 03e8806dfa9c82255adb8a02fd75f5f02988482745e0af22cdc98f30a1f4f2f341fac9d4b83f157aec62b5f6c9d38131b8bb7c9265a581892f4da2a073eebc08
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: WINWORD.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: WINWORD.EXE
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  Processes: WINWORD.EXE
  pid | process
  724 | WINWORD.EXE (listed 2 times)
- Suspicious use of SetWindowsHookEx (17 IoCs)
  Processes: WINWORD.EXE
  pid | process
  724 | WINWORD.EXE (listed 17 times)
Processes
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\7c3ec42f9c9d58944e1f1184ca77a0dffc15269e6c5ffb74dc8f09736cdfe78b.doc" /o ""
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/724-2-0x00007FFC10600000-0x00007FFC10610000-memory.dmp (Filesize: 64KB)
- memory/724-3-0x00007FFC10600000-0x00007FFC10610000-memory.dmp (Filesize: 64KB)
- memory/724-4-0x00007FFC10600000-0x00007FFC10610000-memory.dmp (Filesize: 64KB)
- memory/724-5-0x00007FFC10600000-0x00007FFC10610000-memory.dmp (Filesize: 64KB)
- memory/724-6-0x000001EB8A1D0000-0x000001EB8A807000-memory.dmp (Filesize: 6.2MB)
- memory/724-7-0x000001EB99830000-0x000001EB99834000-memory.dmp (Filesize: 16KB)